I am trying to get access token for user with credentials , that is registered in DB, with OAuth2.
In my oauth_clients
I have a valid client with 'client_id=myclientid', 'client_secret=myclientsecret', 'grant_types=password'.
In my oauth_users
table I have test user with 'username=Beno', 'password=aa888'.
I am sending data to 'http://myserver.com/token.php' like this
$ch = curl_init( 'http://myserver.com/token.php' );
curl_setopt( $ch, CURLOPT_HEADER, true);
curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt( $ch, CURLOPT_POST, true);
curl_setopt( $ch, CURLOPT_POSTFIELDS, array(
'client_id' => 'myclientid',
'client_secret' => 'myclientsecret',
'grant_type' => 'password',
'username' => 'Beno',
'password' => 'aa888',
'u_id' => 53
) );
$auth = curl_exec( $ch );
on token.php I have this
<?php
if( file_exists("system/includes/autoload.php") ):
require_once("system/includes/autoload.php");
else:
require_once("../system/includes/autoload.php");
endif;
require_once('oauth2-server-php/src/OAuth2/Autoloader.php');
$dsn = 'mysql:dbname='.DATABASENAME.';host='.DBSERVERADDRESS.'';
// error reporting (this is a demo, after all!)
ini_set('display_errors',1);error_reporting(E_ALL);
// Autoloading (composer is preferred, but for this example let's just do this)
OAuth2\Autoloader::register();
// $dsn is the Data Source Name for your database, for exmaple "mysql:dbname=my_oauth2_db;host=localhost"
$storage = new OAuth2\Storage\Pdo(array('dsn' => $dsn, 'username' => DBUSERNAME, 'password' => DBPASSWORD));
// Pass a storage object or array of storage objects to the OAuth2 server class
$server = new OAuth2\Server($storage);
// Add the "Client Credentials" grant type (it is the simplest of the grant types)
$server->addGrantType(new OAuth2\GrantType\ClientCredentials($storage));
// Add the "Authorization Code" grant type (this is where the oauth magic happens)
$server->addGrantType(new OAuth2\GrantType\AuthorizationCode($storage));
$server->addGrantType(new OAuth2\GrantType\RefreshToken($storage));
$username = IO::post('username');
$password = IO::post('password');
$user_id = IO::post('u_id');
if ( ! empty( $username ) && ! empty( $password ) & ! empty( $user_id ) ){
$users = array( $username => array('user_id'=> intval($user_id) ,'password' => $password));
$clients = array($client_id => array('client_secret' => $client_secret));
// create a storage object
$storage = new OAuth2\Storage\Memory(array('user_credentials' => $users, 'client_credentials' => $clients));
echo "<pre>";
var_dump($storage);
echo "</pre>";
// create the grant type
$grantType = new OAuth2\GrantType\UserCredentials($storage);
// add the grant type to your OAuth server
$server->addGrantType($grantType);
// Handle a request for an OAuth2.0 Access Token and send the response to the client
$response = new OAuth2\Response();
$re = $server->handleTokenRequest(OAuth2\Request::createFromGlobals(),$response)->send();
echo $re;
}else{
echo "no data";
}
All data is in DB as I have mentioned above. But when I get response it returns me 400 error
{"error":"invalid_client","error_description":"The client credentials are invalid"}