Post

2 followers Follow
0
Avatar

Podio API authentication error after refresh (PodioConnectionError)

im trying out podio api for the first time and was able to authenticate (through server) but im getting error every time I refresh the page.

Error: Fatal error: Uncaught PodioInvalidGrantError: "Sorry, your OAuth code is invalid." Request URL: http://api.podio.com/oauth/token Stack Trace: #0

I find it weird because im able to pass the 2nd REDIRECT_URI after authentication but when I refresh the page im getting the error above.

if (isset($_GET['error'])) {
print "There was a problem. The server said: {$_GET['error_description']}";}

else {
// Finalize authentication. Note that we must pass the REDIRECT_URI again.
$auth = rawurldecode(REDIRECT_URI);
Podio::authenticate_with_authorization_code($_GET['code'], $auth);
print "You have been authenticated! <br /><br>";
}

Tikboy Answered

Please sign in to leave a comment.

16 comments

0
Avatar

Here it is andreas. Thanks in advance!

<html><head></head><body>

<?php
require_once './PodioAPI.php';

define("REDIRECT_URI", 'http://localhost/podio/');
define("CLIENT_ID", 'podioapitest-musmij');
define("CLIENT_SECRET", 'Y0GXKBi7WgEep1IcrJ5GNJ6r8Utv7CWuURCc0JwOw3QZpGUwnTrbUBGoRkGQOZXw');

$api = Podio::setup(CLIENT_ID, CLIENT_SECRET);

if (!isset($_GET['code']) && !Podio::is_authenticated()) {
$auth_url = rawurldecode(Podio::authorize_url(REDIRECT_URI));
// Podio::authorize_url prepends 'https://podio.com/oauth/authorize?client_id=podioapitest-bh9oo0&redirect_uri='
print "<a href='{$auth_url}'>Login with Podio Account</a>";
}
elseif (Podio::is_authenticated()) {
print "You were already authenticated and no authentication is needed.";
}
elseif (isset($_GET['code'])) {
// User is being redirected back from podio.com after authenticating.
// The authorization code is available in $_GET['code']
// We use it to finalize the authentication
// If there was a problem $_GET['error'] is set:
if (isset($_GET['error'])) {
print "There was a problem. The server said: {$_GET['error_description']}";
}
else {
// Finalize authentication. Note that we must pass the REDIRECT_URI again.
print "hello";
$auth = rawurldecode(REDIRECT_URI);
Podio::authenticate_with_authorization_code($_GET['code'], $auth);
print "You have been authenticated! <br /><br>";

$access_token = Podio::$oauth->access_token;
$expires_in = Podio::$oauth->expires_in;
$refresh_token = Podio::$oauth->refresh_token;

print "Access Token = {$access_token}<br>";
print "Expires In {$expires_in}<br>";
print "Refresh Token {$refresh_token}<br><br>";

print "The access token is automatically saved in a session for your convenience.<br><br>";

$status = PodioUserStatus::get();
$orgdata = PodioOrganization::get_all();

$apps = PodioApp::get_all( $attributes = array() );
print "Your user id is <b>{$status->user->id}</b> and you have <b>{$status->mail}</b> unread messages or notification.<br><br>";
foreach ($orgdata as $org => $orgv){
print "{$orgdata[$org]->name} <br />";

    foreach ($orgdata[$org]->spaces as $keyspaces => $works){print "--{$orgdata[$org]->spaces[$keyspaces]->name} <br />";} print "<br><br>";
}print "hi";

}
}
?>

</body></html>

Tikboy 0 votes
Permalink
1
Avatar

The issue is that session management is not enabled by default. When you reload the page the second time, the script tries to authenticate with the same code a second time (hence giving an error). If you add a session manager as described here, it should all just work(tm): http://podio.github.io/podio-php/sessions/

Andreas Garnæs 1 vote
Permalink
0
Avatar

If it's ok. can you help me again? Im just really noob in API.

How should I use PodioUserStatus::get() or PodioOrganization::get_all(); now? Because im getting a new error now:

Fatal error: Uncaught PodioAuthorizationError: "invalid_request" Request URL: http://api.podio.com/user/status Stack Trace: #0

Tikboy 0 votes
Permalink
0
Avatar

I was able to do it but then back to previous problem: im getting error when I refresh

<html><head></head><body>

<?php
session_start('PodioSession');
require_once './PodioAPI.php';
require_once './session.php';

define("REDIRECT_URI", 'http://localhost/jpodio/');
define("CLIENT_ID", 'podioapitest-musmij');
define("CLIENT_SECRET", 'Y0GXKBi7WgEep1IcrJ5GNJ6r8Utv7CWuURCc0JwOw3QZpGUwnTrbUBGoRkGQOZXw');

$hey = array("session_manager" => "PodioSession");
Podio::setup(CLIENT_ID, CLIENT_SECRET, $hey);

if (Podio::is_authenticated() || isset($_GET['code'])) {
print "Authenticated! <br /><br>";

Podio::authenticate_with_authorization_code($_GET['code'], REDIRECT_URI);

//Get all organizations
$orgdata = PodioOrganization::get_all();

foreach ($orgdata as $org => $orgv){
    print "{$orgdata[$org]->name} <br />";
    foreach ($orgdata[$org]->spaces as $keyspaces => $works){print "--{$orgdata[$org]->spaces[$keyspaces]->name} <br />";} print "<br><br>";
}

Podio::$debug = true;

}
else {
$auth_url = rawurldecode(Podio::authorize_url(REDIRECT_URI));
// Podio::authorize_url prepends 'https://podio.com/oauth/authorize?client_id=podioapitest-bh9oo0&redirect_uri='
print "<a href='{$auth_url}'>Login with Podio Account</a>";
}

?>

</body></html>

Tikboy 0 votes
Permalink
0
Avatar

Yes, I did and saved it in session.php

I changed Podio::Setup now to same class but still an error when I refresh

Here's my Session Code (copy-paste)

<?php

class PodioBrowserSession {

/**
* For sessions to work they must be started. We make sure to start
* sessions whenever a new object is created.
*/

public function __construct() {
if(!session_id()) {
session_start();
}
}

/**
* Get oauth object from session, if present. We ignore $auth_type since
* it doesn't work with server-side authentication.
*/
public function get($auth_type = null) {
// Check if we have a stored session
if (!empty($_SESSION['podio-php-session'])) {

  // We have a session, create new PodioOauth object and return it
  return new PodioOAuth(
    $_SESSION['podio-php-session']['access_token'],
    $_SESSION['podio-php-session']['refresh_token'],
    $_SESSION['podio-php-session']['expires_in'],
    $_SESSION['podio-php-session']['ref']
  );
}

// Else return an empty object
return new PodioOAuth();

}

/**
* Store the oauth object in the session. We ignore $auth_type since
* it doesn't work with server-side authentication.
*/
public function set($oauth, $auth_type = null) {
// Save all properties of the oauth object in a session
$_SESSION['podio-php-session'] = array(
'access_token' => $oauth->access_token,
'refresh_token' => $oauth->refresh_token,
'expires_in' => $oauth->expires_in,
'ref' => $oauth->ref,
);
}

}
?>

Tikboy 0 votes
Permalink
0
Avatar

Hi Michael,

Thanks for sharing the code :)

From reading your code, I believe the issue when you refresh is that you call with an authorization code you've already used. You should only call Podio::authenticate_with_authorization_code if you're not authorized and never with the same authorization code. Your condition on line 14 Podio::is_authenticated() || isset($_GET['code'] is true whenever $_GET['code'] is present, even if you've already authenticated once.

Best,
Andreas

Andreas Garnæs 0 votes
Permalink
0
Avatar

But the problem after removing that is that I don't know how I can access the data. Because now im getting this error:

Fatal error: Call to undefined method Podio::get_all()

everytime I call Podio::get_all();

i.e: $orgdata = Podio::get_all();

Tikboy 0 votes
Permalink
0
Avatar

No worries. I thought you got tired of my questions. haha. Sorry, just a newbie in this thing. Any books that you can recommend that can help me learn APIs in general?

Tikboy 0 votes
Permalink