
I'm writing a Laravel application with the use of League\OAuth2 and Guzzle, but I seem to be stuck with something that should be easy.

My authorization works as expected

```php
$provider = new GenericProvider([
  'clientId'                => config('custom.client_id'),
  'clientSecret'            => config('custom.client_secret'),
  'redirectUri'             => config('custom.redirect_url'),
  'urlAuthorize'            => config('custom.authorize_url'),
  'urlAccessToken'          => config('custom.accesstoken_url'),
  'urlResourceOwnerDetails' => config('custom.resource_url')
]);

if (!isset($_GET['code'])) {

   ...

} else {

   $accessToken = $provider->getAccessToken('authorization_code', [
      'code' => $_GET['code']
   ]);

}
```

But when I use the same with the refresh token I get an error

```php
$provider = new GenericProvider([
  'clientId'                => config('custom.client_id'),
  'clientSecret'            => config('custom.client_secret'),
  'redirectUri'             => config('custom.redirect_url'),
  'urlAuthorize'            => config('custom.authorize_url'),
  'urlAccessToken'          => config('custom.accesstoken_url'),
  'urlResourceOwnerDetails' => config('custom.resource_url')
]);

$refresh_token = 'xyz';

$newToken = $provider->getAccessToken('refresh_token', [
  'refresh_token' => $refresh_token
]);
```

Error: Required option not passed: "access_token"

Although the documentation of the library contains the same technique (from https://github.com/thephpleague/oauth2-client)

```php
$provider = new \League\OAuth2\Client\Provider\GenericProvider([
  'clientId'                => 'demoapp',    // The client ID assigned to you by the provider
  'clientSecret'            => 'demopass',   // The client password assigned to you by the provider
  'redirectUri'             => 'http://example.com/your-redirect-url/',
  'urlAuthorize'            => 'http://brentertainment.com/oauth2/lockdin/authorize',
  'urlAccessToken'          => 'http://brentertainment.com/oauth2/lockdin/token',
  'urlResourceOwnerDetails' => 'http://brentertainment.com/oauth2/lockdin/resource'
]);

$existingAccessToken = getAccessTokenFromYourDataStore();

if ($existingAccessToken->hasExpired()) {
  $newAccessToken = $provider->getAccessToken('refresh_token', [
    'refresh_token' => $existingAccessToken->getRefreshToken()
  ]);

  // Purge old access token and store new access token to your data store.
}
```

If I build this same request with cURL, everything works ok

```php
$refresh_token = "xyz";

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://api.endpoint/oauth2/access_token');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, [
    'refresh_token' => $refresh_token,
    'client_id' => $clientId,
    'client_secret' => $clientSecret,
    'grant_type' => 'refresh_token',
]);
```

I'm at a loss here, I'm probably missing something stupid but can't get my head around it atm.

Tx for any feedback!

Zadder
  • Are you actually using "xyz" as a value for your refresh token? Also, I don't see where you actually executed your manual cURL request: `curl_exec($ch);` – Adam Rodriguez Jul 17 '19 at 19:35
  • Your code seems to be good from what I could tell. I can only guess that the refresh_token is wrong, as adam suggests. You could `var_dump` the request options and see how the requests are being made, over here: https://github.com/thephpleague/oauth2-client/blob/a68854ffbfa3e301264c287a1f27f3f6404ea246/src/Tool/RequestFactory.php#L44 – ncla Jul 17 '19 at 23:18
  • adam, obviously I wasn't using "xyz", I put that there for the sake of the example. I left out the curl_exec. The cURL example is working, it's the league example that isn't. ncla, the league example doesn't even get to the part where I get feedback from refresh_token or the request has been sent. It just immediately throws the $access_token exception. "Error: Required option not passed: "access_token". I've done everything with cURL now and it all works, just a pity that for some reason the league library doesn't work for this – Zadder Jul 18 '19 at 20:24
  • @Zadder the only thing I can recommend is perhaps asking the same question on their GitHub. What happens if you provide the outdated access_token too, along with the refresh_token? – ncla Jul 19 '19 at 15:43
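
Added example (not part of the question, the comments, or the library's documentation): one way to do the request inspection suggested in the comments without printing credentials. In league/oauth2-client, `Required option not passed: "access_token"` is raised by the `AccessToken` constructor when the parsed token response has no top-level `access_token` key. The `idp.example` URLs, the client values, the mocked response and the `redact()` helper are assumptions made up for this sketch.

```php
<?php
// Added example; assumes `composer require league/oauth2-client` (installs Guzzle too).
require __DIR__ . '/vendor/autoload.php';

use GuzzleHttp\Client;
use GuzzleHttp\HandlerStack;
use GuzzleHttp\Handler\MockHandler;
use GuzzleHttp\Middleware;
use GuzzleHttp\Psr7\Response;
use League\OAuth2\Client\Provider\GenericProvider;

// Constructed response: HTTP 200 JSON with neither a top-level "access_token" nor "error".
$mock = new MockHandler([
    new Response(200, ['Content-Type' => 'application/json'],
        json_encode(['data' => ['access_token' => 'constructed-token']])),
]);

$history = [];                                  // filled by the history middleware
$stack = HandlerStack::create($mock);
$stack->push(Middleware::history($history));

$provider = new GenericProvider([
    'clientId'                => 'example-client',   // placeholder
    'clientSecret'            => 'example-secret',   // placeholder
    'redirectUri'             => 'https://client.example/callback',
    'urlAuthorize'            => 'https://idp.example/authorize',
    'urlAccessToken'          => 'https://idp.example/token',
    'urlResourceOwnerDetails' => 'https://idp.example/resource',
], ['httpClient' => new Client(['handler' => $stack])]);

// Hypothetical helper: mask credentials before they reach a terminal or log file.
function redact(string $body): string
{
    return preg_replace('/\b(client_secret|refresh_token|access_token)=[^&]*/', '$1=[REDACTED]', $body);
}

try {
    $provider->getAccessToken('refresh_token', ['refresh_token' => 'constructed-refresh-token']);
} catch (\InvalidArgumentException $e) {
    echo 'Exception: ', $e->getMessage(), PHP_EOL;
}

foreach ($history as $tx) {
    echo $tx['request']->getMethod(), ' ', $tx['request']->getUri(), PHP_EOL;
    echo 'Content-Type: ', $tx['request']->getHeaderLine('Content-Type'), PHP_EOL;
    echo 'Body: ', redact((string) $tx['request']->getBody()), PHP_EOL;
    $keys = array_keys(json_decode((string) $tx['response']->getBody(), true) ?? []);
    echo 'Status ', $tx['response']->getStatusCode(), ', response keys: ', implode(', ', $keys), PHP_EOL;
}
```

Calling `HandlerStack::create()` without `$mock` sends the same request to the configured endpoint. The captured request is `application/x-www-form-urlencoded`, whereas an array passed to `CURLOPT_POSTFIELDS` is sent as `multipart/form-data`.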
