1
<?php

$client_id = "XXXXXXXXX1";
$client_secret = "XXXXXXXXXX2";
$redirect_URI = "XXXXXXXXX3";
$auth_code = htmlspecialchars($_GET["code"]);

$post_field_array = array(
  'client_id'     => $client_id,
  'client_secret' => $client_secret,
  'grant_type'    => 'authorization_code',
  'code'          => $auth_code,
  'redirect_uri'  => $redirect_uri,
  'scope'         => 'basic genomes');

$post_fields = '';
foreach ($post_field_array as $key => $value)
  $post_fields .= "$key=" . urlencode($value) . '&';
$post_fields = rtrim($post_fields, '&');

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://api.23andme.com/token/');
curl_setopt($ch, CURLOPT_POST, count($post_field_array));
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_fields);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
$encoded_json = curl_exec($ch);

$response = json_decode($encoded_json, true);
$access_token = $response['access_token'];

print $access_token;
?>

This script is run from the same URL as $redirect_URI, per the specifications of the 23andMe API (https://api.23andme.com/docs/authentication/). However, no matter what I try, the script simply outputs nothing. What am I doing wrong here?

connoraw
  • 173
  • 1
  • 2
  • 11

2 Answers2

1

I do not know why it doesn't work but I would suggest you to do some debugging. Start with

print_r($encoded_json)

(or use var_dump) and see what the output of that might be. Does curl_exec fail?

Try setting the verbose flag to curl and see if that will throw any errors(warnings) that can push you towards the issue

curl_setopt($ch, CURLOPT_VERBOSE, true);
man0v
  • 654
  • 3
  • 13
1

First up, I get these 3 notices, code doesn't exist unless I pass it on the querystring, redirect_uri has different case in both uses, access_token probably doesn't exist, because an error authenticating occurred

Notice: Undefined index: code in test.php on line 6

Notice: Undefined variable: redirect_uri in test.php on line 13

Notice: Undefined index: access_token in test.php on line 29

<?php

$client_id = "XXXXXXXXX1";
$client_secret = "XXXXXXXXXX2";
$redirect_uri = "XXXXXXXXX3";  // FIXED VARIABLE NAMING HERE
$auth_code = htmlspecialchars($_GET["code"]);

$post_field_array = array(
    'client_id'     => $client_id,
    'client_secret' => $client_secret,
    'grant_type'    => 'authorization_code',
    'code'          => $auth_code,
    'redirect_uri'  => $redirect_uri,
    'scope'         => 'basic genomes');

$post_fields = '';
foreach ($post_field_array as $key => $value)
    $post_fields .= "$key=" . urlencode($value) . '&';
$post_fields = rtrim($post_fields, '&');

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://api.23andme.com/token/');
curl_setopt($ch, CURLOPT_POST, count($post_field_array));
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_fields);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
$encoded_json = curl_exec($ch);

$response = json_decode($encoded_json, true);

// DUMP RESPONSE IF ERROR OCCURS, ACCESS WON'T EXIST
var_dump($response);

$access_token = $response['access_token'];

print $access_token;
bumperbox
  • 10,166
  • 6
  • 43
  • 66