dsu89430 2013-11-25 19:39
浏览 50
已采纳

YouTube API OAuth无效请求

I simply don't really understand how this whole OAuth authentification thing works and I'm pretty much stuck. I'm trying to let a user authentificate his/her YouTube account to my server using the Google PHP Client API.

Here's my current code:

<?php
require_once app_path().'/google-apis/Google_Client.php';
require_once app_path().'/google-apis/contrib/Google_YouTubeService.php';
class SignupController extends BaseController {

    public function showSignupForm() {
        $client = new Google_Client();
        $client->setClientId('CLIENTID');
        $client->setClientSecret('CLIENTSECRET');
        $client->setAccessType('offline');
        $client->setDeveloperKey('DEVKEY');

        $youtube = new Google_YoutubeService($client);
        $client->authenticate(Input::get('code'));

        $token = json_decode($client->getAccessToken());

        return View::make('signup')->with('google_token', $token->access_token);
    }
    public function getYTAccess() {
        $client = new Google_Client();
        $client->setClientId('CLIENTID');
        $client->setClientSecret('CLIENTSECRET');
        $client->setAccessType('offline');
        $client->setDeveloperKey('DEVKEY');
        $client->setRedirectUri('REDIRECT_URI');
        $youtube = new Google_YoutubeService($client);

        $authUrl = $client->createAuthUrl();
        return View::make('connect_youtube')->with('authUrl', $authUrl);;
    }

}
?>

This is the code for the SignupController in the Laravel-based application I'm building. The relevant routes are as follows:

Route::get('signup/connect_youtube/return', 'SignupController@showSignupForm');
Route::get('signup', 'SignupController@getYTAccess');

I only get an invalid request error after getting redirected to my application and I know it has something to do with the access token, just don't know what.

Any help would be appreciated.

Thanks

Tobias Timpe (Secrets omitted, obviously)

  • 写回答

1条回答 默认 最新

  • dpnw86361 2013-11-26 11:14
    关注

    To put it simply, there are 2 steps (at least) you have to do: 1. pass the correct parameters to google. The parameters tell you 1. who you are (you need to present your client id and client secret), 2. what you ask for (in your case youtube scope) 3. redirect_uri which is where your user will be redirected back after she accepts your app's request. 4. other options like access_type=offline which specifies that you have a backend server to continue the auth flow.

    To check that this step works correctly, you don't always need run the code. Just print out your auth_url that the sdk makes for you. All those parameters i mentioned should be embedded there. Copy-paste the url in the browser, if the parameters are correct, it will take you to Google's consent page. If not, most likely is because the parameters you set in Google Apis setting page are mismatched with your parameters scripted in the auth_url. Examples are mismatched domains, redirect_uris, client_ids, client_secrets. I'm not sure if this is the error that you are receiving.

    If your parameters are good, Google will let your user to login and allow youtube scope access for your app ('consent'). It will redirect user's browser back to your specified 'redirect_uri' with the parameter code=. So this will get you to the step 2 your server script has to process.

    1. The value shooted from Google in the parameter ?code is what you need to get access token. So your server route (redirect_uri) needs to extract the code parameter and pass to the google api to exchange for 'credentials'. Note that the auth code can be used only once. The response credentials will contain access_token and refresh_token. These are important for the api calling so you need to persist them in a storage, possibly with google sdk you are using.

    Hope that helps.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?