Podio API authentication error after refresh (PodioConnectionError)
Answered
im trying out podio api for the first time and was able to authenticate (through server) but im getting error every time I refresh the page.
Error: Fatal error: Uncaught PodioInvalidGrantError: "Sorry, your OAuth code is invalid." Request URL: http://api.podio.com/oauth/token Stack Trace: #0
I find it weird because im able to pass the 2nd REDIRECT_URI after authentication but when I refresh the page im getting the error above.
if (isset($_GET['error'])) {
print "There was a problem. The server said: {$_GET['error_description']}";}
else {
// Finalize authentication. Note that we must pass the REDIRECT_URI again.
$auth = rawurldecode(REDIRECT_URI);
Podio::authenticate_with_authorization_code($_GET['code'], $auth);
print "You have been authenticated! <br /><br>";
}
-
Here it is andreas. Thanks in advance!
<html><head></head><body>
<?php
require_once './PodioAPI.php';define("REDIRECT_URI", 'http://localhost/podio/');
define("CLIENT_ID", 'podioapitest-musmij');
define("CLIENT_SECRET", 'Y0GXKBi7WgEep1IcrJ5GNJ6r8Utv7CWuURCc0JwOw3QZpGUwnTrbUBGoRkGQOZXw');$api = Podio::setup(CLIENT_ID, CLIENT_SECRET);
if (!isset($_GET['code']) && !Podio::is_authenticated()) {
$auth_url = rawurldecode(Podio::authorize_url(REDIRECT_URI));
// Podio::authorize_url prepends 'https://podio.com/oauth/authorize?client_id=podioapitest-bh9oo0&redirect_uri='
print "<a href='{$auth_url}'>Login with Podio Account</a>";
}
elseif (Podio::is_authenticated()) {
print "You were already authenticated and no authentication is needed.";
}
elseif (isset($_GET['code'])) {
// User is being redirected back from podio.com after authenticating.
// The authorization code is available in $_GET['code']
// We use it to finalize the authentication
// If there was a problem $_GET['error'] is set:
if (isset($_GET['error'])) {
print "There was a problem. The server said: {$_GET['error_description']}";
}
else {
// Finalize authentication. Note that we must pass the REDIRECT_URI again.
print "hello";
$auth = rawurldecode(REDIRECT_URI);
Podio::authenticate_with_authorization_code($_GET['code'], $auth);
print "You have been authenticated! <br /><br>";$access_token = Podio::$oauth->access_token; $expires_in = Podio::$oauth->expires_in; $refresh_token = Podio::$oauth->refresh_token; print "Access Token = {$access_token}<br>"; print "Expires In {$expires_in}<br>"; print "Refresh Token {$refresh_token}<br><br>"; print "The access token is automatically saved in a session for your convenience.<br><br>"; $status = PodioUserStatus::get(); $orgdata = PodioOrganization::get_all(); $apps = PodioApp::get_all( $attributes = array() ); print "Your user id is <b>{$status->user->id}</b> and you have <b>{$status->mail}</b> unread messages or notification.<br><br>"; foreach ($orgdata as $org => $orgv){ print "{$orgdata[$org]->name} <br />"; foreach ($orgdata[$org]->spaces as $keyspaces => $works){print "--{$orgdata[$org]->spaces[$keyspaces]->name} <br />";} print "<br><br>"; }print "hi";}
}
?></body></html>
-
The issue is that session management is not enabled by default. When you reload the page the second time, the script tries to authenticate with the same code a second time (hence giving an error). If you add a session manager as described here, it should all just work(tm): http://podio.github.io/podio-php/sessions/
-
If it's ok. can you help me again? Im just really noob in API.
How should I use PodioUserStatus::get() or PodioOrganization::get_all(); now? Because im getting a new error now:
Fatal error: Uncaught PodioAuthorizationError: "invalid_request" Request URL: http://api.podio.com/user/status Stack Trace: #0
-
I was able to do it but then back to previous problem: im getting error when I refresh
<html><head></head><body>
<?php
session_start('PodioSession');
require_once './PodioAPI.php';
require_once './session.php';define("REDIRECT_URI", 'http://localhost/jpodio/');
define("CLIENT_ID", 'podioapitest-musmij');
define("CLIENT_SECRET", 'Y0GXKBi7WgEep1IcrJ5GNJ6r8Utv7CWuURCc0JwOw3QZpGUwnTrbUBGoRkGQOZXw');$hey = array("session_manager" => "PodioSession");
Podio::setup(CLIENT_ID, CLIENT_SECRET, $hey);if (Podio::is_authenticated() || isset($_GET['code'])) {
print "Authenticated! <br /><br>";Podio::authenticate_with_authorization_code($_GET['code'], REDIRECT_URI); //Get all organizations $orgdata = PodioOrganization::get_all(); foreach ($orgdata as $org => $orgv){ print "{$orgdata[$org]->name} <br />"; foreach ($orgdata[$org]->spaces as $keyspaces => $works){print "--{$orgdata[$org]->spaces[$keyspaces]->name} <br />";} print "<br><br>"; } Podio::$debug = true;}
else {
$auth_url = rawurldecode(Podio::authorize_url(REDIRECT_URI));
// Podio::authorize_url prepends 'https://podio.com/oauth/authorize?client_id=podioapitest-bh9oo0&redirect_uri='
print "<a href='{$auth_url}'>Login with Podio Account</a>";
}?>
</body></html>
-
Hi Michael,
Did you also copy/paste the
PodioBrowserSession-implementation from the documentation? http://podio.github.io/podio-php/sessions/#example-store-access-tokens-in-browser-session-cookieAlso, the name of this class needs to match the one you pass to
Podio::setup, e.g.Podio::setup(CLIENTID, CLIENT_SECRET, array("session_manager" => "PodioBrowserSession"));Best,
Andreas -
Yes, I did and saved it in session.php
I changed Podio::Setup now to same class but still an error when I refresh
Here's my Session Code (copy-paste)
<?php
class PodioBrowserSession {
/**
* For sessions to work they must be started. We make sure to start
* sessions whenever a new object is created.
*/public function __construct() {
if(!session_id()) {
session_start();
}
}/**
* Get oauth object from session, if present. We ignore $auth_type since
* it doesn't work with server-side authentication.
*/
public function get($auth_type = null) {
// Check if we have a stored session
if (!empty($_SESSION['podio-php-session'])) {// We have a session, create new PodioOauth object and return it return new PodioOAuth( $_SESSION['podio-php-session']['access_token'], $_SESSION['podio-php-session']['refresh_token'], $_SESSION['podio-php-session']['expires_in'], $_SESSION['podio-php-session']['ref'] ); } // Else return an empty object return new PodioOAuth();}
/**
* Store the oauth object in the session. We ignore $auth_type since
* it doesn't work with server-side authentication.
*/
public function set($oauth, $auth_type = null) {
// Save all properties of the oauth object in a session
$_SESSION['podio-php-session'] = array(
'access_token' => $oauth->access_token,
'refresh_token' => $oauth->refresh_token,
'expires_in' => $oauth->expires_in,
'ref' => $oauth->ref,
);
}}
?> -
Could you share the full code again please, preferably somewhere that preserves formatting like https://gist.github.com or similar?
Thanks,
Andreas -
im sorry. here: https://gist.github.com/anonymous/eedf1574e28dd3c9da6f
-
Hi Michael,
Thanks for sharing the code :)
From reading your code, I believe the issue when you refresh is that you call with an authorization code you've already used. You should only call
Podio::authenticate_with_authorization_codeif you're not authorized and never with the same authorization code. Your condition on line 14Podio::is_authenticated() || isset($_GET['code']is true whenever$_GET['code']is present, even if you've already authenticated once.Best,
Andreas -
Hi Michael,
Sorry for the late reply, I've been away for two weeks.
The function
Podio::get_all()is not defined. Maybe the documentation on accessing items is helpful? http://podio.github.io/podio-php/items/Best,
Andreas
Please sign in to leave a comment.
Comments
16 comments