OAuth2 returns invalid_client error
good day,
I'm having trouble with getting the access token. I've followed the guide here: http://developers.box.com/oauth/ and already get my client_id, client_secret, and set the redirect_uri on the App settings (OAuth2 parameters) section.
Here is the code for the file client.php
<?php
$client_id = 'my_client_id_here'; //removed
$post_url = 'https://www.box.com/api/oauth2/authorize';
include 'includes/header.php';
?>
<div id="content">
<form action="<?php echo $post_url; ?>" type="POST" enctype="application/x-www-form-urlencoded">
<input type="text" name="response_type" value="code">
<input type="text" name="client_id" value="<?php echo $client_id; ?>">
<input type="text" name="state" value="vexhax97td8xf_SomeTemporaryValueForTesting">
<input type="submit">
</form>
<div id="response"></div>
</div>
<?php
include 'includes/footer.php';
?>
and here's code for the file something.php (this is where the redirect_uri will go)
<?php
$client_id = 'my_client_id_here'; //removed
$client_secret = 'my_client_secrect_here'; //removed
$post_url = 'https://www.box.com/api/oauth2/token';
$code = $_GET['code'];
include 'includes/header.php';
$fields_params = array(
"grant_type" => 'authorization_code',
"code" => $code,
"client_id" => $client_id,
"client_secret" => $client_secret
);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $post_url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $fields_params);
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
'Content-Type: application/json',
'Accept: application/json'
));
$data = curl_exec($ch);
curl_close($ch);
$json = json_decode($data, true);
var_dump($json);
?>
<div id="content">
<?php
//Nothing fancy, just for displaying passed values
if (isset($_GET))
var_dump($_GET);
if (isset($_POST))
var_dump($_POST);
?>
</div>
<?php
include 'includes/footer.php';
?>
...now what happens is,
1.) on the first step (client.php), there is a form there with submit button.
2.) After i clicked on the submit button, i get redirected to the Box' login page with the button "Authorize".
3.) after entering login details and allow granting access for my app. I now gets redirected to the redirect_uri that i've set on the App settings (something.php), where in this file, it will execute curl post to get an access token, but i get stuck at this part, the curl result returns with the error:
array(2) { ["error"]=> string(14) "invalid_client" ["error_description"]=> string(34) "The client credentials are invalid" }
I'm sure that I have entered my client_id and client_secret correctly which I've obtained from the App settings. And the url for the redirect_uri, is also SSL enabled.
Any solutions, ideas why this is happening?
Thank you for your help.
Answer
The problem is in the cURL headers you're setting something.php. Remove the Content-Type header. In fact, you can not set the headers at all - cURL will send the correctly encoded parameters and Box will return JSON data by default.
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
'Accept: application/json'
));