
Google oauth2.0 405 error

I'm trying to use Google OAuth using the link below but get a 405 error.

Can you please let me know if the parameters are correct?

client_id = changed to a diff value
response_type = code
scope= openid%20email
redirecturl = given the value based on what I registered in console.developers.com
login_hint = my gmail id..

https://accounts.google.com/o/oauth2/token?
 client_id=690178314820-85fvo4eq56se4mppdaf0pt6tnnjo552&
 response_type=code&
 scope=openid%20email&
 redirect_uri=http://test.webfactional.com&
 state=security_token%3D138r5719ru3e1%26url%3Dhttps://oa2cb.example.com/myHome&
 [email protected]

I made the above GET requests in the browser.

user1050619 asked Jun 03 '14 23:06



1 Answer

There are a few steps to getting access to Google; it's easier for me to show you the full flow. My guess is you are stuck on step two because you're not sending it as a POST.

Step 1: Ask for access

https://accounts.google.com/o/oauth2/auth?client_id={clientid}.apps.googleusercontent.com&redirect_uri={From console}&scope=openid%20email&response_type=code

This just displays the window asking them to approve you. Once the user has approved access you get a one-time Authentication Code.

Step 2: Exchange Authentication Code for AccessToken and RefreshToken. Note this needs to be sent as an HTTP POST, not an HTTP GET.

https://accounts.google.com/o/oauth2/token
code={Authentication Code from step 1}&client_id={ClientId}.apps.googleusercontent.com&client_secret={ClientSecret}&redirect_uri={From console}&grant_type=authorization_code

You should get a JSON string back looking something like this.

{
"access_token" : "ya29.1.AADtN_VSBMC2Ga2lhxsTKjVQ_ROco8VbD6h01aj4PcKHLm6qvHbNtn-_BIzXMw",
"token_type" : "Bearer",
"expires_in" : 3600,
"refresh_token" : "1/J-3zPA8XR1o_cXebV9sDKn_f5MTqaFhKFxH-3PUPiJ4"
}

Now you can take that Access_token and use it to make your requests. But access tokens are only good for 1 hour and then they expire; before that time you need to use the Refresh_token to get a new access token. Also, if you are going to want to access your users' data again, you should save the refresh_token someplace that will enable you to always access their data.

Step 3: Use Refreshtoken

https://accounts.google.com/o/oauth2/token
client_id={ClientId}.apps.googleusercontent.com&client_secret={ClientSecret}&refresh_token={RefreshToken from step 2}&grant_type=refresh_token

This time you will only get the Access token back, because your refreshtoken is good until the user removes authentication or you haven't used it for 6 months.

{
"access_token" : "ya29.1.AADtN_XK16As2ZHlScqOxGtntIlevNcasMSPwGiE3pe5ANZfrmJTcsI3ZtAjv4sDrPDRnQ",
"token_type" : "Bearer",
"expires_in" : 3600
}

You can find more detailed information on this here: Google 3 Legged oauth2 flow

DaImTo answered Oct 12 '22 00:10
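The GET/POST split described in the answer, as an added example that is not part of the original answer: step 1 is a URL the browser opens with GET, step 2 is a form-encoded POST that keeps `client_secret` out of the URL. The function names and sample values are hypothetical, and the `state` check on the callback is an assumption based on the `state` parameter in the question's URL. The requests are built but not sent.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit
from urllib.request import Request

# Endpoints as given in the answer above.
AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/auth"
TOKEN_ENDPOINT = "https://accounts.google.com/o/oauth2/token"

def build_auth_url(client_id, redirect_uri, state):
    """Step 1: the only URL the browser opens with GET."""
    query = urlencode({
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": "openid email",
        "response_type": "code",
        "state": state,  # anti-CSRF value, checked again on the callback
    })
    return f"{AUTH_ENDPOINT}?{query}"

def code_from_callback(callback_url, expected_state):
    """Extract the one-time code, rejecting a callback whose state differs."""
    params = parse_qs(urlsplit(callback_url).query)
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback did not originate from our request")
    if "code" not in params:
        raise ValueError("no code: " + params.get("error", ["unknown"])[0])
    return params["code"][0]

def build_token_request(code, client_id, client_secret, redirect_uri):
    """Step 2: POST with a form-encoded body; the secret never enters the URL."""
    body = urlencode({
        "code": code,
        "client_id": client_id,
        "client_secret": client_secret,
        "redirect_uri": redirect_uri,
        "grant_type": "authorization_code",
    }).encode("ascii")
    return Request(TOKEN_ENDPOINT, data=body, method="POST",
                   headers={"Content-Type": "application/x-www-form-urlencoded"})

if __name__ == "__main__":
    state = secrets.token_urlsafe(16)  # constructed sample values below
    print(build_auth_url("CLIENT_ID.apps.googleusercontent.com", "https://app.example/cb", state))
    req = build_token_request("SAMPLE_CODE", "CLIENT_ID", "CLIENT_SECRET", "https://app.example/cb")
    print(req.get_method(), req.full_url, req.data.decode())
```

Because the secret and the code travel in the POST body, they stay out of browser history and out of the request line that web servers and proxies typically log.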