Server Authentication & WordPress

I am trying to create a WordPress plugin for Podio for a client, and I'm having a little trouble with the server authentication flow. 

I can get authenticated, pull data, etc - but I can't seem to STAY authenticated. (I need to get a list of items in an app, give the user a chance to choose from that list, and based on their choice, make another api request - it is this second api request that is giving me trouble.) 

I'm not quite sure where I'm going wrong, so any help would be much appreciated. 

I'm using the php client, server-side authentication, and I've gotten sessions enabled in wp. 

Thank you! :)

(If this posts twice, I apologize - I thought I had posted the question, but it didn't seem to go through, so I am posting again.)

Laird Sapir Answered


16 comments


You need to save the access token and refresh token (preferably in the user meta table in WP) and add them to each API call like this:

$api->oauth->access_token = $access_token;
$api->oauth->refresh_token = $refresh_token;

// make API calls here

// Carl at Elvenite

Carl-Fredrik Herö 0 votes

Thank you for your help, Carl! 

Just to make sure I understand the flow... I authenticate, then store the tokens in user_meta.

Once I store the tokens...

 $access_token = get_user_meta($user_id, 'access_token'); 

 $refresh_token = get_user_meta($user_id, 'refresh_token');

And then every time I make an api call it would look something like...

$api->oauth->access_token = $access_token;

$api->oauth->refresh_token = $refresh_token;

$podioinfoineed = $api->item->getItems($app_id, array(
    'limit' => 10,
    'sort_by' => 'title',
    'sort_desc' => false,
));

etc...?

Laird Sapir 0 votes

That seems right. I would add a third parameter with true as the value to the get_user_meta function to make it return the token as a string instead of an array.

Good luck!

Carl-Fredrik Herö 0 votes

hmmm...still getting an invalid_grant error on the second call...*head desk* 

No problem authorizing the first time, the tokens are being successfully saved to the db...hmmmm... any ideas where else I might be taking a wrong turn?

Laird Sapir 0 votes

Put the client in debug mode right after initializing it:

$api->debug = true;

Then all communication back and forth will be logged to the PHP Error log and you can go in there to debug.

Or you can print the contents of $api->oauth->access_token to the screen before making the second call.

Andreas Haugstrup Pedersen 0 votes

oh, obvious, sorry! Thanks Andreas. Ok - I turned debugging on.

Carl, tokens are not being sent with the second call. 

Laird Sapir 0 votes

Ok, that's why the second call won't work. Now you need to figure out why $api->oauth->access_token doesn't get the value from $access_token.

Carl-Fredrik Herö 0 votes

right? :)

Thank you Carl - I'm going to keep working on it.

I'm not missing something fundamental about the interaction process with the api, am I?

I should be able to make one api call, ask a user to make a decision based on the results returned in the first call, and then make a second call, (without re-authenticating) right? 

Laird Sapir 0 votes

If both calls happen during the same page request, yes.

If the calls are not in the same page request, you will need to store the access token (in the meta database table or in a session); otherwise the second API call will no longer have access to the access token from the first page request, since HTTP is stateless.

Andreas Haugstrup Pedersen 0 votes
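
The flow described in the comments above, as an added example that is not part of the thread and is not the posters' or Podio's own code: store the token pair in user meta after authenticating, then restore it at the start of every later page request before calling the API. It assumes the code runs inside WordPress and that `$api` and `$app_id` are set up as in the snippets above; `podio_save_tokens()` and `podio_restore_tokens()` are hypothetical helper names.

```php
<?php
// Added example. Assumes WordPress is loaded and $api is the Podio PHP
// client object used in this thread ($api->oauth->access_token, ...).
// podio_save_tokens() / podio_restore_tokens() are hypothetical helpers.

function podio_save_tokens($user_id, $api) {
    // Persist whatever token pair the client currently holds.
    update_user_meta($user_id, 'access_token', $api->oauth->access_token);
    update_user_meta($user_id, 'refresh_token', $api->oauth->refresh_token);
}

function podio_restore_tokens($user_id, $api) {
    // Third argument true: return one string, not an array of values.
    $access_token  = get_user_meta($user_id, 'access_token', true);
    $refresh_token = get_user_meta($user_id, 'refresh_token', true);

    // With $single = true a missing key comes back as an empty string.
    if (!is_string($access_token) || $access_token === '' ||
        !is_string($refresh_token) || $refresh_token === '') {
        return false; // nothing stored: caller must authenticate again
    }

    $api->oauth->access_token  = $access_token;
    $api->oauth->refresh_token = $refresh_token;
    return true;
}

// Second page request: the user has chosen from the first list.
$user_id = get_current_user_id(); // 0 when nobody is logged in
if ($user_id && podio_restore_tokens($user_id, $api)) {
    $before = $api->oauth->access_token;
    $items = $api->item->getItems($app_id, array(
        'limit'     => 10,
        'sort_by'   => 'title',
        'sort_desc' => false,
    ));
    // If the token on the client changed during the call, store the new pair.
    if ($api->oauth->access_token !== $before) {
        podio_save_tokens($user_id, $api);
    }
} else {
    // No usable tokens for this user: send them back through authentication.
}
```

Call `podio_save_tokens()` once right after the initial authentication succeeds, so the later request has something to restore.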

Hi Laird, I'd like to know if you ever did release that WordPress plugin you worked on to the market?

Richard Rowe 0 votes

Hi Richard! I actually built it for a client, so I didn't release it in the sense of releasing it publicly or anything, but if you want to know more about it, feel free to email me! 

Laird Sapir 0 votes