POST using CURL in PHP gives invalid request Error

Question

I am using below post method for google account using curl but it gives me invalid_request error.

POST /o/oauth2/token HTTP/1.1
Host: accounts.google.com
Content-Type: application/x-www-form-urlencoded

code=4/ux5gNj-_mIu4DOD_gNZdjX9EtOFf&
client_id=1084945748469-eg34imk572gdhu83gj5p0an9fut6urp5.apps.googleusercontent.com&
client_secret=CENSORED&
redirect_uri=http://localhost/oauth2callback&
grant_type=authorization_code

Here is my PHP code with curl

$text ='test';

$URL = "https://accounts.google.com/o/oauth2/token";

$header = array(
"POST /o/oauth2/token HTTP/1.1",
"Host: accounts.google.com",
"Content-type: application/atom+xml;charset=\"utf-8\"",
"Accept: text/xml",
"Cache-Control: no-cache", 
"code=[my_code]&client_id=[my_client_id]&client_secret=[my_client_secret]& redirect_uri=http://localhost/curl_resp.php&grant_type=authorization_code",
"Content-length: ".strlen($text),
);


 $xml_do = curl_init();
 curl_setopt($xml_do, CURLOPT_URL, $URL);
 curl_setopt($xml_do, CURLOPT_CONNECTTIMEOUT, 10);
 curl_setopt($xml_do, CURLOPT_TIMEOUT, 10);
 curl_setopt($xml_do, CURLOPT_RETURNTRANSFER, true);
 curl_setopt($xml_do, CURLOPT_SSL_VERIFYPEER, false);
 curl_setopt($xml_do, CURLOPT_SSL_VERIFYHOST, false);
 curl_setopt($xml_do, CURLOPT_POST, false);
 curl_setopt($xml_do, CURLOPT_POSTFIELDS, $text);
 curl_setopt($xml_do, CURLOPT_HTTPHEADER, $header);

And I am having invalid request error

Answer 1

I don't know anything about using Google's oAuth API, but from the examples that I have looked at so far, it looks like you are supposed to pass the values (i.e. code, client_id, etc.) in the post fields, not directly in the HTTP header.

The following example still doesn't work completely, but instead of getting a invalid_request error, it gives you invalid_grant. I think there is something else wrong in addition to what I've mentioned (perhaps you need new credentials from Google or something), but this might get you one step closer, at least:

$post = array(
    "grant_type" => "authorization_code", 
    "code" => "your_code", 
    "client_id" => "your_client_id", 
    "client_secret" => "your_client_secret", 
    "redirect_uri" => "http://localhost/curl_resp.php"
);

$postText = http_build_query($post);

$url = "https://accounts.google.com/o/oauth2/token";

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postText); 
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);

$result = curl_exec($ch);
var_dump($result);    // gets an error, "invalid_grant"

Answer 2

The response to your request actually includes a very readable description of the problem:

POST requests require a Content-length header.