0

I'm trying to connect users in my PHP app to the 23andMe API but am having issues when trying to use the provided token. I can successfully get the token with the following HTTP action:

<a href="https://api.23andme.com/authorize/?redirect_uri={{ env('APP_URL') }}/receive_code/&response_type=code&client_id={{ env('DNA_ID') }}&scope=basic names email">Connect with 23andMe</a>

Which redirects to the following controller and successfully returns a token which I store in the users table:

// Requires: use GuzzleHttp\Client; use Illuminate\Support\Facades\Auth;
public function connectDNA()
{
    // Authorization code appended to the redirect by 23andMe
    $code = $_GET["code"];

    // Exchange the authorization code for an access token
    $client = new Client();
    $result = $client->post('https://api.23andme.com/token/', [
      'form_params' => [
        'client_id' => env('DNA_ID'),
        'client_secret' => env('DNA_SECRET'),
        'grant_type' => 'authorization_code',
        'code' => $code,
        'redirect_uri' => 'http://localhost:8000/receive_code/',
        'scope' => 'basic names email'
      ]
    ]);

    // Decode the JSON body of the token response
    $contents = $result->getBody()->getContents();
    $contents = json_decode($contents);

    // Store the access token on the logged-in user
    $user = Auth::user();
    $user->dna_token = $contents->access_token;
    $user->save();

    return redirect('/home');
}

The problem is when I try to use that token to access the 23andMe API with Guzzle, which I suspect is because I don't know how to structure the call. I've tried multiple variations on the following:

$result = $client->get('https://api.23andme.com/3/account/', [
    'Authorization' => $user->dna_token
]);

return $result;

UPDATE: The issue seems to be how I'm formatting the Guzzle call. When I curl:

curl "https://api.23andme.com/3/account/" \
  -H "Authorization: Bearer demo_oauth_token"

The API returns a test result. How would I format the above in Guzzle?

Kevin Compton

2 Answers

1

It may be that you're missing the Bearer keyword.

Try:

$result = $client->get('https://api.23andme.com/3/account/', [
    'Authorization' => 'Bearer '.$user->dna_token
]);

return $result;

I'm inferring this from the cURL example in the 23andMe documentation I see here.

curl "https://api.23andme.com/3/account/" \
  -H "Authorization: Bearer demo_oauth_token"

Cameron Hurd
  • Yes, this was suggested by their support; however, it's still giving me a 401 – Kevin Compton Mar 16 '17 at 19:23
  • There's got to be something going wrong with the access token you're receiving, then. I've just executed that cURL command and got a demo response back, which tells me there aren't any other missing headers to consider. Just to be thorough... try adapting the demo cURL call to your guzzle code, and analyzing the response *it* gives back. – Cameron Hurd Mar 16 '17 at 19:27
  • I just generated a new auth token and tried again to see if it was expired but it's still giving me that error. Could it be that the token is supposed to be something other than a string? – Kevin Compton Mar 16 '17 at 19:31
  • It should be coerced into a string when you concatenate it to `Bearer `, anyway! Might not hurt to cast it as one beforehand, though. – Cameron Hurd Mar 16 '17 at 19:37
  • I did a get type; it's a string. Could this be an issue with Guzzle vs. how the API expects the call? I don't see how the token could be at my fault without causing an issue for everyone using it. – Kevin Compton Mar 16 '17 at 20:06
0

OK, I found the issue. In order to set a bearer token with Guzzle you have to pass it in a header like so:

$result = $client->request('GET', 'https://api.23andme.com/3/account/', [
    'headers' => [
        'Authorization' => 'Bearer ' . $user->dna_token
    ]
]);
Kevin Compton
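Added example, not code from either poster: it records what Guzzle actually puts on the wire for the two option layouts discussed in this thread, using Guzzle's own mock handler and history middleware so nothing touches the network. It assumes Guzzle is installed via Composer; `$fakeApi` is a constructed stand-in for the real endpoint and the token is the placeholder from the curl example.

```php
<?php
// Added illustration; assumes `composer require guzzlehttp/guzzle` was run here.
require __DIR__ . '/vendor/autoload.php';

use GuzzleHttp\Client;
use GuzzleHttp\HandlerStack;
use GuzzleHttp\Handler\MockHandler;
use GuzzleHttp\Middleware;
use GuzzleHttp\Psr7\Response;
use Psr\Http\Message\RequestInterface;

// Constructed stand-in for the API: 200 only if a Bearer header arrives, else 401.
$fakeApi = function (RequestInterface $request, array $options) {
    $hasBearer = strpos($request->getHeaderLine('Authorization'), 'Bearer ') === 0;
    return new Response($hasBearer ? 200 : 401);
};

// The history middleware stores every request/response pair in $history.
$history = [];
$stack = HandlerStack::create(new MockHandler([$fakeApi, $fakeApi]));
$stack->push(Middleware::history($history));

// http_errors=false so a 401 comes back as a response instead of an exception.
$client = new Client(['handler' => $stack, 'http_errors' => false]);

$token = 'demo_oauth_token'; // placeholder value, not a real credential
$url   = 'https://api.23andme.com/3/account/';

// Layout from the question and first answer: 'Authorization' is a top-level
// request option. Guzzle does not treat unknown options as headers.
$client->get($url, ['Authorization' => 'Bearer ' . $token]);

// Layout from the second answer: nested under the 'headers' request option.
$client->get($url, ['headers' => ['Authorization' => 'Bearer ' . $token]]);

foreach ($history as $i => $transaction) {
    // Report only whether the header was sent, never the token value itself.
    printf(
        "call %d: Authorization header sent=%s, status=%d\n",
        $i + 1,
        var_export($transaction['request']->hasHeader('Authorization'), true),
        $transaction['response']->getStatusCode()
    );
}
```

Attaching the same history middleware to a real client is a quick way to confirm whether a 401 comes from a missing header or from the token itself.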