9
votes

I'm trying to use OAuth 2.0 for the Google+ API on my site, and I keep getting:

{
    "error": {
        "errors": [{
            "domain": "global",
            "reason": "authError",
            "message": "Invalid Credentials",
            "locationType": "header",
            "location": "Authorization"
        }],
        "code": 401,
        "message": "Invalid Credentials"
    }
}

The thing is, I don't know why this is happening. I have a valid access token from Google, but Google tells me it is invalid. I know that the token has not expired because the JSON data is requested from Google within 10 seconds of getting the access token. Here is the process that I'm using:

  1. Get user to authorize the request.
  2. Gets request code from Google.
  3. Uses cURL to request access token with the request code from Google.
  4. Puts the access code into a PHP session.
  5. Redirects back to the main page.
  6. Main page detects session variable is set and doesn't display login link.
  7. PHP on main page uses readFile to get the JSON response from Google.
  8. Google returns invalid credentials.

Here is an example URI generated by PHP that is inserted into readFile:

https://www.googleapis.com/plus/v1/people/me?prettyprint=true&access_token=ya29.AHES6ZQRGovDa5FHsojU3qCM1DEnYmJPywz1muUE4CWGH5n70OcAkw

Help please?

8
Probably gonna need to post some more code to get useful feedback. If you're 100% certain your token is valid, I'd start by focusing on the part of the code where you are submitting the credentials. Maybe your token isn't coming out identical to how it goes in, and you're invalidating yourself...? - Drew

8 Answers

2
votes

You shouldn't share an unaltered access token - someone can use that to impersonate you (really for whomever it was granted).

It's also better to pass the Auth token as a header, like:

curl -H "Authorization: OAuth ya29.xyzxyz" "https://www.googleapis.com/plus/v1/people/me"

Not sure if that's essential but your error message seems to indicate an auth error in the header so you may be providing an Authorization header which doesn't match the one you need.

2
votes

Here is a solution using PHP's PECL OAuth extension. This will sign the request the way you have defined it, in this case in a config file JSON object that was imported into the script.

        $oauth = new OAuth($this->config->consumer_key, $this->config->consumer_secret, $this->config->signature_method, $this->config->auth_type);
        $oauth->setVersion($this->config->version);
        $oauth->setToken($accessToken->oauth_token, $accessToken->oauth_token_secret);

        $params = array(
            'fields' => 'displayName,emails,id,image,name',
            'pp' => 1
        );

        $oauth->fetch('https://www.googleapis.com/plus/v1/people/me', $params, OAUTH_HTTP_METHOD_GET);

        // extract response
        $json = Zend_Json::decode($oauth->getLastResponse(), Zend_Json::TYPE_OBJECT);

1
votes

Have you tried one of the Google API clients? There are starter applications you can use to get the ball rolling.

https://developers.google.com/+/downloads

0
votes

I had this problem before, but with Twitter.

For OAuth we actually communicate with Twitter twice: first to acquire the request token, second to authorize by sending the first token that's already signed. Maybe you only overcame the first one.

0
votes

I have been getting the same 401 "Invalid Credentials" error for a few hours. Then I noticed that I stored my access_token in the database in a VARCHAR(50) field. It cut off a portion of the access_token. I increased the column length. FIXED.

Double check the length of the field in the database where you store your access_token and also your refresh_token!
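
The truncation described in the answer above, and the "token isn't coming out identical to how it goes in" suggestion in the comment on the question, can be checked without ever printing the token. This is an added example, not code from any of the posters; the function names and the sample token are constructed for illustration.

```php
<?php
// Added example: names and sample values below are constructed for illustration.

/** Non-reversible summary of a token that is safe to store and log. */
function token_fingerprint(string $token): array
{
    return ['length' => strlen($token), 'sha256' => hash('sha256', $token)];
}

/** True only if the token read back is byte-identical to the one issued. */
function token_intact(array $issued, string $readBack): bool
{
    $now = token_fingerprint($readBack);
    return $issued['length'] === $now['length']
        && hash_equals($issued['sha256'], $now['sha256']);
}

/** Mask the token in a URL before it goes into a log or a forum post. */
function redact_access_token(string $url): string
{
    return preg_replace('/([?&]access_token=)[^&#]*/', '${1}[REDACTED]', $url);
}

// Constructed sample token (not a real credential), 65 bytes long.
$issuedToken = 'ya29.' . str_repeat('A', 60);

// Record the fingerprint when the token endpoint returns the token.
$issued = token_fingerprint($issuedToken);

// Simulated storage paths: a session that keeps the value whole and a
// VARCHAR(50) column that silently keeps only the first 50 bytes.
$readBack = [
    'session'     => $issuedToken,
    'varchar(50)' => substr($issuedToken, 0, 50),
];

foreach ($readBack as $source => $token) {
    $now = token_fingerprint($token);
    printf(
        "%-12s length %d (issued %d): %s\n",
        $source,
        $now['length'],
        $issued['length'],
        token_intact($issued, $token) ? 'intact' : 'ALTERED, do not send'
    );
}

$url = 'https://www.googleapis.com/plus/v1/people/me?prettyprint=true&access_token=' . $issuedToken;
echo redact_access_token($url), "\n";
```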

0
votes

I think the me API is broken. The problem is gone when I try to request a URI with a real user ID. I mean like this: https://www.googleapis.com/plus/v1/people/108189587050871927619?key={your_api_key}

0
votes

Delete your token.json file, then attempt the request again.

-1
votes

The problem for me was the header "Authorization" on GET/POST request:

Google documentation said: Authorization: /* OAuth 2.0 token here */

But the correct form is: Authorization: OAuth /* OAuth 2.0 token here */

Yes! Include "OAuth " before your token key!

If you are using cURL (PHP), use:

curl_setopt($ch, CURLOPT_HTTPHEADER, array('Authorization: OAuth '.$_SESSION['access_token'], 'Content-Type: application/json'));