HybridAuth with Google provider randomly returns “invalid_request” when authenticating

冷暖自知 提交于 2019-12-05 17:01:24

Managed to solve the issue. It looks like Hybridauth was passing an array into the POSTFIELDS

curl_setopt($ch, CURLOPT_POSTFIELDS, array( 
    'code='. urlencode($code),
    'client_id=' . urlencode($clientID),
    'client_secret=' . urlencode($clientSecret),
    'redirect_uri=http%3A%2F%2Flocalhost%2Fexperiments%2FnewGALogin.php',
    'grant_type=authorization_code'
)); 

When the input is an array the resulting Content-Type will be multipart/form-data which is not compliant with the OAuth 2.0 spec and the server will ignore it. When the input is a query-encoded string (e.g built using http_build_query) the Content-Type: will be application/x-www-form-urlencoded, which is what the spec requires.

See the "Notes" section at: http://php.net/manual/en/function.curl-setopt.php

Therefore, if we pass it as a querystring :

curl_setopt($ch, CURLOPT_POSTFIELDS,
    'code=' . urlencode($code) . '&' .
    'client_id=' . urlencode($clientID) . '&' .
    'client_secret=' . urlencode($clientSecret) . '&' .
    'redirect_uri=http%3A%2F%2Flocalhost%2Fexperiments%2FnewGALogin.php' . '&'     .
    'grant_type=authorization_code' 
); 

We are no longer seeing this issue.

Hope it helps!

@Adzzz answer is correct (thx a lot). Some code to patch hybridAuth...

//file hybridauth/hybridauth/Hybrid/thirdparty/OAuth/OAuth2Client.php line 234   
if( $type == "POST" ){
  curl_setopt($ch, CURLOPT_POST, 1);
  $paramsString="";
  if($params){
    foreach($params as $k=>$v){
        $paramsString.=$k."=";
        $paramsString.=$v."&";
    }
    curl_setopt( $ch, CURLOPT_POSTFIELDS, $paramsString );
  }
  //original code curl_setopt( $ch, CURLOPT_POSTFIELDS, $params );
}
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!