I'm a Developer Advocate at Asana, and maybe I can help you out!
First, it's probably a good idea to brush up on the OAuth flow (we have some docs on this). Basically the idea is that there are 3 actors: the user, your app, and Asana. The flow you're likely looking for is here.
The short version is, for OAuth apps:
- You send the user to a URL that Asana owns from anywhere (it doesn't have to be in your integration, just a straight link will do) with your client ID. This lets the user grant you access.
- If they agree, Asana sends back a redirect request to the user's browser with a long-lived code. Note that this means that your server will be called from the user's browser with this code, so it has to handle a new incoming request from the browser to whatever you specified as your redirect URI, and that this location must be accessible by all users of your integration, wherever they are.
- You send this code and your client secret to Asana with `fetchToken` in PHP (or `refreshAccessToken` when the last token expires). This is where your application actually asks for authorization.
- We send back a refresh token which represents (approximately) a client-user credential pair that is valid for an hour.
- You use these credentials to access our API on behalf of this user.
So there are a couple of steps after where this code leaves off from the OAuth example in our PHP library that you need to go through in order to get going. You got to the part where you initialized the client and generated the link that users need to go to, but not the rest of it (i.e. you never actually had your PHP script ask Asana for credentials), so I'd recommend you keep going with the example and see how far you can get!
(As a side note, if this is for your own use and not for other users, personal access tokens are 10x easier to get started with, though they represent the actual access credential - so don't hand them out to others!)
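
The redirect-URI step described in the answer above, as an added example that is not part of the original answer or of Asana's PHP library: it ties the authorization link to the user's session with a `state` value, rejects callbacks that do not carry it, and only then assembles the token request that `fetchToken` would make. The function names and all credentials are hypothetical; the two endpoint URLs are the ones in Asana's public OAuth documentation.

```php
<?php
// Added example: function names are hypothetical, credentials are constructed.
const AUTHORIZE_URL = 'https://app.asana.com/-/oauth_authorize';
const TOKEN_URL     = 'https://app.asana.com/-/oauth_token';

// Build the link the user is sent to, bound to this browser session by `state`.
function build_authorize_url(array $cfg, array &$session): string {
    $session['oauth_state'] = bin2hex(random_bytes(16)); // unguessable, per attempt
    return AUTHORIZE_URL . '?' . http_build_query([
        'client_id'     => $cfg['client_id'],
        'redirect_uri'  => $cfg['redirect_uri'],
        'response_type' => 'code',
        'state'         => $session['oauth_state'],
    ]);
}

// Validate the browser's request to the redirect URI; return the token request fields.
function token_request_from_callback(array $cfg, array $query, array &$session): array {
    $expected = $session['oauth_state'] ?? '';
    unset($session['oauth_state']); // a state value is accepted once only
    $state = $query['state'] ?? null;
    $code  = $query['code'] ?? null;
    if ($expected === '' || !is_string($state) || !hash_equals($expected, $state)) {
        throw new RuntimeException('state mismatch: request did not start from our link');
    }
    if (!is_string($code) || $code === '') {
        throw new RuntimeException('no authorization code in callback');
    }
    return [
        'grant_type'    => 'authorization_code',
        'client_id'     => $cfg['client_id'],
        'client_secret' => $cfg['client_secret'], // leaves the server only in this POST
        'redirect_uri'  => $cfg['redirect_uri'],
        'code'          => $code,
    ];
}

// Demo with constructed values; $session stands in for $_SESSION, $query for $_GET.
$cfg = ['client_id' => '1234', 'client_secret' => 'constructed-secret',
        'redirect_uri' => 'https://example.com/asana/callback'];
$session = [];
parse_str(parse_url(build_authorize_url($cfg, $session), PHP_URL_QUERY), $sent);
$fields = token_request_from_callback($cfg, ['code' => 'constructed-code', 'state' => $sent['state']], $session);
echo 'POST ', TOKEN_URL, ' fields: ', implode(', ', array_keys($fields)), "\n";
try { // a second callback, with a forged state, must be refused
    token_request_from_callback($cfg, ['code' => 'x', 'state' => 'forged'], $session);
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

The client secret appears only in the server-side POST fields, never in the link the browser follows, and the stored `state` is cleared on first use so a replayed callback is refused.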