 

OAuth2 returns invalid_client error

Good day,

I'm having trouble getting the access token. I've followed the guide here: http://developers.box.com/oauth/ and already got my client_id and client_secret, and set the redirect_uri in the App settings (OAuth2 parameters) section.

Here is the code for the file client.php

<?php
    $client_id = 'my_client_id_here'; //removed
    $post_url = 'https://www.box.com/api/oauth2/authorize';

    include 'includes/header.php';
?>
    <div id="content">
        <form action="<?php echo $post_url; ?>" type="POST" enctype="application/x-www-form-urlencoded">
            <input type="text" name="response_type" value="code">
            <input type="text" name="client_id" value="<?php echo $client_id; ?>">
            <input type="text" name="state" value="vexhax97td8xf_SomeTemporaryValueForTesting">
            <input type="submit">
        </form>
        <div id="response"></div>
    </div>

<?php
    include 'includes/footer.php';
?>

And here's the code for the file something.php (this is where the redirect_uri will go)

<?php

$client_id =  'my_client_id_here'; //removed
$client_secret =  'my_client_secrect_here'; //removed
$post_url = 'https://www.box.com/api/oauth2/token';

$code = $_GET['code'];

include 'includes/header.php';

$fields_params = array(
        "grant_type" => 'authorization_code',
        "code" => $code,
        "client_id" => $client_id,
        "client_secret" => $client_secret
    );

$ch = curl_init(); 
curl_setopt($ch, CURLOPT_URL, $post_url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $fields_params);
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
    'Content-Type: application/json',
    'Accept: application/json'
));

$data = curl_exec($ch); 
curl_close($ch);

$json = json_decode($data, true);
var_dump($json);

?>
    <div id="content">
        <?php 
            //Nothing fancy, just for displaying passed values
            if (isset($_GET))
                var_dump($_GET); 

            if (isset($_POST))
                var_dump($_POST); 
        ?>
    </div>

<?php
    include 'includes/footer.php';
?>

...now what happens is:

1.) On the first step (client.php), there is a form with a submit button.

2.) After I click the submit button, I get redirected to Box's login page with the button "Authorize".

3.) After entering my login details and granting access to my app, I get redirected to the redirect_uri that I've set in the App settings (something.php). This file executes a cURL POST to get an access token, but I get stuck at this part; the cURL result comes back with the error:

array(2) { ["error"]=> string(14) "invalid_client" ["error_description"]=> string(34) "The client credentials are invalid" }

I'm sure that I have correctly entered the client_id and client_secret that I obtained from the App settings. The URL for the redirect_uri is also SSL enabled.

Any solutions, ideas why this is happening?

Thank you for your help.

asked Dec 06 '13 02:12

user3072698



2 Answers

The problem is in the cURL headers you're setting in something.php. Remove the Content-Type header. In fact, you can not set the headers at all - cURL will send the correctly encoded parameters and Box will return JSON data by default.

curl_setopt($ch, CURLOPT_HTTPHEADER, array(
    'Accept: application/json'
));
answered Oct 22 '22 03:10

Andy Jones
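
How the callback step in something.php could check the returned state and send the token request with the body encoded as application/x-www-form-urlencoded, the format RFC 6749 defines for token requests. This is an added example, not code from the question or either answer; the function names, the oauth_state session key and the sample values are hypothetical.

```php
<?php
// TOKEN_URL comes from the question; function names and sample values are hypothetical.
const TOKEN_URL = 'https://www.box.com/api/oauth2/token';

// Compare the state returned on the callback with the one stored before the redirect.
function state_is_valid(array $query, array $session): bool
{
    return isset($query['state'], $session['oauth_state'])
        && is_string($query['state'])
        && hash_equals($session['oauth_state'], $query['state']);
}

// POSTFIELDS is a urlencoded string, so cURL labels the body form-urlencoded itself.
function token_request_options(string $code, string $id, string $secret): array
{
    return [
        CURLOPT_URL            => TOKEN_URL,
        CURLOPT_POST           => true,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_POSTFIELDS     => http_build_query([
            'grant_type'    => 'authorization_code',
            'code'          => $code,
            'client_id'     => $id,
            'client_secret' => $secret,
        ]),
        CURLOPT_HTTPHEADER     => ['Accept: application/json'],
    ];
}

// Send the request; throw on transport failure, non-200 status or an OAuth error body.
function exchange_code(array $options): array
{
    $ch = curl_init();
    curl_setopt_array($ch, $options);
    $raw    = curl_exec($ch);
    $status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    $json   = is_string($raw) ? json_decode($raw, true) : null;
    if ($status !== 200 || !is_array($json) || isset($json['error'])) {
        throw new RuntimeException('token request failed: ' . ($json['error'] ?? "HTTP $status"));
    }
    return $json;
}

// Constructed callback parameters; only the request body is printed, nothing is sent.
$session = ['oauth_state' => 'constructed-state-123'];
$query   = ['code' => 'constructed-code', 'state' => 'constructed-state-123'];
if (state_is_valid($query, $session)) {
    $opts = token_request_options($query['code'], 'CLIENT_ID', 'CLIENT_SECRET');
    echo $opts[CURLOPT_POSTFIELDS], PHP_EOL;
}
```

In a real callback, `$query` would be `$_GET`, `$session` would be `$_SESSION` holding a random state generated before the redirect, and `exchange_code()` would be called with the built options.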


Here is how I received the token in JS

authorizeUser = function(){

    var results = $.ajax({

        // The URL to process the request
        url : 'https://www.box.com/api/oauth2/token',
        type : 'POST',
        data : {
            grant_type : 'authorization_code',
            code : data.boxAuthorizationCode,
            client_id : data.clientId,
            client_secret : data.clientSecret
        },
        beforeSend: function (xhr) {
            xhr.setRequestHeader("Authorization", "Bearer $token")
        },
        dataType: "json",
        success: function(response) {
            //console.log(response);
            console.log(response.access_token);
            data.access_token = response.access_token;
            tokenGranted();
        }

    });

    return results.responseText;

},
answered Oct 22 '22 05:10

the_danimal