Guzzle - 400 Bad Request` response: {“error”:“invalid_client”} - when making token request

1
votes

I'm trying to make a token request using guzzle and receive an error "400 Bad Request` response: {"error":"invalid_client"}". I can make the same request with cURL and HTTP_Request2 with no problem.

<?php
    require 'vendor/autoload.php';
    use GuzzleHttp\Client;
    use GuzzleHttp\Exception\RequestException;
    use GuzzleHttp\Psr7\Request;

    session_start();
    if(isset($_GET['code'])){
        $code = $_GET['code'];
        $encodeB64 = base64_encode('{clientID}:{clientSecret}');
        $client = new GuzzleHttp\Client();
        $response = $client->request('POST', 'https://identity.reckon.com/connect/token',[
        ['headers' => ['Content-Type' => 'application/x-www-form-urlencoded'],['Authorization' => 'Basic '.$encodeB64]],
        ['body' => ['grant_type' => 'authorization_code'],['code' => $code],['redirect_uri' => '{redirectURI}']]
        ]);
        $body = $response->getBody();
        echo $body;
    }

These are the details of how to make a token request with this API:

URL: https://identity.reckon.com/connect/token

Type: POST

Body: grant_type=authorization_code&code={code}&redirect_uri={redirect url}

Headers:

  • Content-Type = application/x-www-form-urlencoded

  • Authorization: Basic{client id:client secret encoded in base64}

Not sure where I'm going wrong.

2
phpguzzle
try to check the request string sent to the api server there might be something happening on the string before its getting sent to the api server also those enclosures within [ and ] are those just representation or as how they are really implemented within the code?Christopher Pelayo

2 Answers

1
votes

I have worked it out. The answer was the following:

<?php
    require 'C:/Users/Shane/vendor/autoload.php';
    use GuzzleHttp\Client;
    use GuzzleHttp\Exception\RequestException;
    use GuzzleHttp\Psr7\Request;

    session_start();
    if(isset($_GET['code'])){
        $code = $_GET['code'];
        $encodeB64 = base64_encode('{client id}:{client secret}');
        $authbody = 'grant_type=authorization_code&code='.$code.'&redirect_uri={redirect url}';
        $client = new GuzzleHttp\Client();
        $response = $client->request('POST', 'https://identity.reckon.com/connect/token',['headers' => 
            ['Content-Type' => 'application/x-www-form-urlencoded','Authorization' => 'Basic '.$encodeB64],
            'body' => $authbody]);
        $body = $response->getBody();
        echo $body;
0
votes

I have recently gone through {"error":"invalid_client"} with Guzzle, the error actually tells you specifically if something wrong with clientId or clientSecret. In my case I had first letter of clientSecret capitalized. It took a while to figure it out.