Server Authentication & WordPress

Answered

Follow

Laird Sapir

• August 27, 2012 22:16

I am trying to create a WordPress plugin for Podio for a client, and I'm having a little trouble with the server authentication flow. 

I can get authenticated, pull data, etc - but I can't seem to STAY authenticated. (I need to get a list of items in an app, give the user a chance to choose from that list, and based on their choice, make another api request - it is this second api request that is giving me trouble.) 

I'm not quite sure where I'm going wrong, so any help would be much appreciated. 

I'm using the php client, server-side authentication, and I've gotten sessions enabled in wp. 

Thank you! :)

(if this posts twice, I apologize - I thought I had posted the question, but It didn't seem to go through, so I am posting again.)

1

• 

  Carl-Fredrik Herö

  • August 28, 2012 04:43

  You need to save the access token and refresh token (preferably in the user meta table in WP) and add them to each API call like this:

  $api->oauth->access_token = $access_token
  $api->oauth->refresh_token = $refresh_token

  // make API calls here

  // Carl at Elvenite

  0

  Comment actions Permalink
• 

  Carl-Fredrik Herö

  • August 28, 2012 04:45

  Sorry, forgot about the semi colon at the end of each row. :)

  0

  Comment actions Permalink
• 

  Laird Sapir

  • August 28, 2012 15:10

  Thank you for your help, Carl! 

  Just to make sure I understand the flow... I authenticate, then store the tokens in user_meta.

  Once I store the tokens...

   $access_token = get_user_meta($user_id, 'access_token'); 

   $refresh_token = get_user_meta($user_id, 'refresh_token');

  And then every time I make an api call it would look something like...

  $api->oauth->access_token = $access_token;

  $api->oauth->refresh_token = $refresh_token;

  $podioinfoineed = $api->item->getItems($app_id, array(
  
  'limit' => 10,
  
  'sort_by' => 'title',
  
  'sort_desc' => false,
  
  ));

  etc...?

  0

  Comment actions Permalink
• 

  Carl-Fredrik Herö

  • August 28, 2012 15:32

  That seems right. I would add a third parameter with true as the value to the get_user_meta function to make it return the token as a string instead of an array.

  Good luck!

  0

  Comment actions Permalink
• 

  Laird Sapir

  • August 28, 2012 15:43

  Thank you Carl, I'll go give that a try! 

  0

  Comment actions Permalink
• 

  Laird Sapir

  • August 28, 2012 17:18

  hmmm...still getting an invalid_grant error on the second call...*head desk* 

  No problem authorizing the first time, the tokens are being successfully saved to the db...hmmmm... any ideas where else I might be taking a wrong turn?

  0

  Comment actions Permalink
• 

  Carl-Fredrik Herö

  • August 28, 2012 18:43

  Does the API have the tokens when they do the second call?

  0

  Comment actions Permalink
• 

  Laird Sapir

  • August 28, 2012 18:47

  how would I check that to be sure?

  0

  Comment actions Permalink
• 

  Andreas Haugstrup Pedersen

  • August 28, 2012 18:49

  Put the client in debug mode right after initializing it:

  $api->debug = true;

  Then all communication back and forth will be logged to the PHP Error log and you can go in there to debug.

  Or you can print the contents of $api->oauth->access_token to the screen before making the second call

  0

  Comment actions Permalink
• 

  Laird Sapir

  • August 28, 2012 19:01

  oh, obvious, sorry! Thanks Andreas. Ok - I turned debugging on.

  Carl, tokens are not being sent with the second call. 

  0

  Comment actions Permalink
• 

  Carl-Fredrik Herö

  • August 28, 2012 19:05

  Ok, that's why the second call won't work. Now you need to figure out why $api->oauth->access_token doesn't get the value from $access_token.

  0

  Comment actions Permalink
• 

  Laird Sapir

  • August 28, 2012 19:15

  right? :)

  Thank you Carl - I'm going to keep working on it.

  I'm not missing something fundamental about the interaction process with the api, am I?

  I should be able to make one api call, ask a user to make a decision based on the results returned in the first call, and then make a second call, (without re-authenticating) right? 

  0

  Comment actions Permalink
• 

  Andreas Haugstrup Pedersen

  • August 28, 2012 19:18

  If both calls happen during the same page requests, yes.

  If the calls are not in the same page request you will need to store the access token (in the meta database table or in a session) otherwise the second api call will no longer have access to the access token from the first page request since HTTP is stateless.

  0

  Comment actions Permalink
• 

  Laird Sapir

  • August 28, 2012 19:24

  Thanks Andreas!

  0

  Comment actions Permalink
• 

  Richard Rowe

  • March 18, 2013 09:45

  Hi Laird, I like to know If you ever did release that WordPress plugin you worked on to the market?

  0

  Comment actions Permalink
• 

  Laird Sapir

  • March 18, 2013 14:08

  Hi Richard! I actually built it for a client, so I didn't release it in the sense of releasing it publicly or anything, but if you want to know more about it, feel free to email me! 

  0

  Comment actions Permalink

Please sign in to leave a comment.