0

respect to the whole stack exchange community,

Tried to hold off for as long as i can(7 days) before asking, who/what is responsible for the following errors:

{"error":"invalid_client"}

According to the documentation: http://www.meetup.com/meetup_api/auth/#oauth

invalid_client  = Client authentication failed

which doesn't help me know as much as i would like.

Basically i am dealing with Oauth 2, meetup api, php and curl. The latter 2 i am reasonably comfortable with.

So who is at fault here?

I can see that the code comes back 

oauth-meetup.php?code=e7f7523c66776c41e001acd00dc48e2a&state=

as a response i just can't get a valid token.

i had a feeling it might be a SSL/cert issue so i followed this post but got this error:

{"error":"invalid_grant","error_description":"Invalid code"}

then i set 

CURLOPT_SSL_VERIFYPEER => FALSE,
CURLOPT_SSL_VERIFYHOST => 0

no difference.

The issue must surely be isolated to my setup, however i really need help, i want to attach the code here if you can please help me!

Community
  • 1
  • 1
Harry Bosh
  • 3,611
  • 2
  • 36
  • 34
  • 1
    there's no SSL/cert issue: since you get an OAuth error response from the server it means that it has connected succesfully; please show the code that you use to exchange the `code` for an `access_token` as the error must be in there – Hans Z. Jan 23 '15 at 15:33
  • I forgot to mention support sent me this " It looks like you are using the same authorization code more than once. You can only use the authorization code you get back from our servers after obtaining member authorization once in this oauth step -- http://www.meetup.com/meetup_api/auth/#oauth2server-access " But the script checks if the code is empty so i dont see how this is a problem – Harry Bosh Jan 23 '15 at 22:25

2 Answers2

0

Looking at the code in the link: can you verify that you use the correct client_id and client_secret and that they don't contain "special" characters, such as &? Since the code in socialmedia_oauth_connect.php does not properly URL-encode the client_id and client_secret that is a problem when their values contain characters that are not URL-safe.

Hans Z.
  • 50,496
  • 12
  • 102
  • 115
  • client_id=r70fm0aITSOKbr0hj0eis5tuh&client_secret=2k54knITSOK88rm2kdq3u63ggr&grant_type=authorization_code&redirect_uri=http%3A%2F%2Fdev.webdesignfavourites.com%2Fwp%2Fwp-content%2Fplugins%2Fwp-hq-membership%2Fclasses%2Foauth-login%2Fhq-oauth-meetup.php%3F&code=e313791a57111e178d3ddd622a805849 – Harry Bosh Jan 23 '15 at 15:57
  • So yeah i changed the client id & secret slightly for security, but they look well formed. – Harry Bosh Jan 23 '15 at 15:57
0

The problem was encoding.

Use either http_build_query:

        curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($params));

or

        ."&redirect_uri=".urlencode($this->redirect_uri)
Harry Bosh
  • 3,611
  • 2
  • 36
  • 34