Member Avatar

prompted by the discussion on antoher thread...

This has stopped working (jQuery/OAuth):

Although this still works (php/no OAuth):

When I start the ball rolling with a click on the jQuery example, I get the authentication box and nothing else. Subsequent clicks bring up the box again.

Me too, although I haven't had time to debug yet. It stops after the redirect which returns the code (all I can see so far).

Member Avatar

I HATE going back to old code. Even though I sort-of-documented it, it's still a chore.

Agreed. Even worse, we were promised nothing would break... ;)

Member Avatar

Heh heh. Well whenever there's a change to an API, I steel myself for the fallout.

Hope to provide you with some insights tomorrow.

Nevermind. It's all good. Apparently the reason it didn't work in the first place was all because of a typo.

Member Avatar

Nah, still doesn't work. Nevermind

Looks like it works to me?

Member Avatar

OK, cleared the cache. It's all good now, thanks.

Glad to hear :) Sorry about that. There was a typo that was precluding my legacy fix from working.

This is the response I get from line 28 in the code below:

HTTP/1.1 100 Continue

HTTP/1.1 400 Bad Request
Date: Sun, 08 Dec 2013 10:32:48 GMT
Server: Apache/2.2
X-Powered-By: PHP/5.3.10
Set-Cookie: geolocation=NL; path=/;
Vary: Accept-Encoding
Content-Length: 1960
Connection: close
Content-Type: text/html; charset=UTF-8

Using this code for a long while:


$clientId = -1;
$clientSecret = '';
$currentUrl = 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'];

if (!isset($_GET['code']))
    header("Location:$clientId&redirect_uri=" . urlencode($currentUrl));

$ch = curl_init('');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, false);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_NOBODY, true);
curl_setopt($ch, CURLOPT_HEADER, true);

curl_setopt($ch, CURLOPT_POSTFIELDS, array(
    'code' => $_GET['code'],
    'redirect_uri' => $currentUrl,
    'client_id' => $clientId,
    'client_secret' => $clientSecret

$result = curl_exec($ch);
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);

if ($httpCode == 301 or $httpCode == 302) {
    preg_match("@https?://([-\w\.]+)+(:\d+)?(/([\w/_\-\.]*(\?\S+)?)?)?@", $result, $m);
    $targetUrl = $m[0];
    $urlParts = parse_url($targetUrl);
    parse_str($urlParts['query'], $queryParts);
    $token = $queryParts['access_token'];
    $_SESSION['DwApiAccessToken'] =  $token;

That code should work. Been investigating for like 10 minutes already. Give me another 5 or 10 and then I need to hurry out to a christmas party.

Try changing curl_setopt($ch, CURLOPT_FOLLOWLOCATION, false); to curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); ... Did you change that at any time?

My super apologies!! Bug fixed on my end.

Incidentally, you were getting the 400 error b/c there was actually a 500 error in my code ... Somewhere internally, I ran json_decode() without setting the second parameter to true, and I was trying to fetch its property as if it were an array instead of an object.

I set follow to true, but still no go. I get the HTML page for the login page back from curl now. Perhaps my regex is off now, because the header contains the access_token.

See the file. It has Location (redirect) back to my site with the access_token. Probably some change that fails the regex.

Sorry, I'm confused by what you're showing me. You shouldn't have had to change anything. The bug was on my end and I was successfully able to log into your site earlier today.

I was successfully able to log into your site earlier today.

Really? I tried just before posting (and now), and still don't get back to my main page. Now I'm confused. How can you login, yet I can't.

K, NOW it works for me. I've changed line 32 above to include HTTP code 200. Apparently I'm getting a 200 even though there's a status 302 in the returned header.

I have the feeling the flow (on my end) is still not entirely correct.

Prit, when you changed the FOLLOWLOCATION option from false to true, you're now no longer returning the original status headers (which would be 302) but you're following them to where they take you and returning the final status headers after the redirect (which would be 200).

Your site doesn't work anymore for me. What did you change??

What did you change??

Nothing (only the 200 status check). No clue as to why this is happening, and no time to delve deeper. This morning it worked, now it doesn't.

Did you change the CURLOPT_FOLLOWLOCATION option yesterday? You shouldn't have.

It's set to false. I've also removed the 200 check, so the code is exactly as above. Just tried and it worked on the second click of my authorize link.

Closed and re-opened IE, and still worked on the second click. Strange it no longer works on the first. As soon as I get some more time I'll try to figure it out.

Have you had a chance to look into this yet?

Not yet. Busy with more important issues unfortunately.