Can authorise, but cannot seem to make calls with a new provider

Hi, I am looking for a php oAuth2 client that I can use with the Europeana API - http://labs.europeana.eu/api/authentication/ and http://labs.europeana.eu/api/myeuropeana

I have configured oauth_configuration.json with ...

"Europeana":
{
"oauth_version": "2.0",
"dialog_url": "http://europeana.eu/api/oauth/authorize?response_type=code&client_id={CLIENT_ID}&redirect_uri={REDIRECT_URI}&state={STATE}",
"access_token_url": "http://europeana.eu/api/oauth/token"
},

... and created a new login_with_europeana.php to include ...

$client->server = 'Europeana';
$client->redirect_uri = 'http://'.$_SERVER['HTTP_HOST'].
dirname(strtok($_SERVER['REQUEST_URI'],'?')).'/login_with_europeana.php';

$client->client_id = 'xxxxxxx'; $application_line = __LINE__;
$client->client_secret = 'xxxxxxxx';

if(strlen($client->client_id) == 0
|| strlen($client->client_secret) == 0)
die('Please go to Europeana Labs page http://labs.europeana.eu/ , '.
'register for an API key, and in the line '.$application_line.
' set the client_id to Key and client_secret with Secret.');

$client->scope = ''; // no scopes required on Europeana
if(($success = $client->Initialize()))
{
if(($success = $client->Process()))
{
if(strlen($client->access_token))
{
$mytoken = $client->access_token;

//CallAPI($url, $method, $parameters, $options, &$response)
$success = $client->CallAPI(
'http://europeana.eu/api/v2/user/saveditem.json',
'GET', array(
'action'=>"LIST"
), array('FailOnAccessError'=>true), $user);
}
}
$success = $client->Finalize($success);
}

The dialog_url parameters were through trial and error!

So, the authentication flow works and I get a 'you have logged in successfully' message. But it is failing to return anything from the call to saveditem.json

However, if I go to a new tab in my browser and paste in the call I get a full authenticated response.

If anyone can tell me how to debug this I'd be very appreciative!

I don't know how you are determining that it does not return anything. If you pass the $user variable to the CallAPI function, it is that variable $user that you need to check.

If you may also want to set the debug and debug_http variables to true and check your PHP error log to see what messages appear there, as you can see the actual HTTP response that is returned.

Hi Manuel

Thanks for the prompt reply. In answer to your first question, I can see in my log that when I try to access $user it is an undefined variable.

After turning on debugging (thanks for the tip) I get the log entries pasted below. Note that I have obscured any sensitive values with xxx but from everything I saw they appear to be fine. Also note the fact that once I have gone through this, plain calls in my browser to the restricted API methods work (and I can see session IDs for both europeana.eu and localhost in my cookies).

Thanks for any insight you can provide.

James

---

[19-Oct-2014 10:05:32 Europe/Berlin] OAuth client: Checking if OAuth access token was already retrieved from http://europeana.eu/api/oauth/token
[19-Oct-2014 10:05:32 Europe/Berlin] OAuth client: A valid access token is not available
[19-Oct-2014 10:05:32 Europe/Berlin] OAuth client: Checking the authentication state in URI /europeana/myeuropeana/oauth/login_with_europeana.php
[19-Oct-2014 10:05:32 Europe/Berlin] OAuth client: Redirecting to OAuth Dialog http://europeana.eu/api/oauth/authorize?response_type=code&client_id=oANfAVkjV&redirect_uri=http%3A%2F%2Flocalhost%2Feuropeana%2Fmyeuropeana%2Foauth%2Flogin_with_europeana.php&state=1413705932-03c8fb
[19-Oct-2014 10:05:41 Europe/Berlin] OAuth client: Checking if OAuth access token was already retrieved from http://europeana.eu/api/oauth/token
[19-Oct-2014 10:05:41 Europe/Berlin] OAuth client: A valid access token is not available
[19-Oct-2014 10:05:41 Europe/Berlin] OAuth client: Checking the authentication state in URI /europeana/myeuropeana/oauth/login_with_europeana.php?code=bfqtUu&state=1413705932-03c8fb
[19-Oct-2014 10:05:41 Europe/Berlin] OAuth client: Checking the authentication code
[19-Oct-2014 10:05:41 Europe/Berlin] OAuth client: Accessing the OAuth access token at http://europeana.eu/api/oauth/token
[19-Oct-2014 10:05:41 Europe/Berlin] Connecting to europeana.eu
[19-Oct-2014 10:05:41 Europe/Berlin] Resolving HTTP server domain "europeana.eu"...
[19-Oct-2014 10:05:41 Europe/Berlin] Connecting to HTTP server IP 145.100.31.20 port 80...
[19-Oct-2014 10:05:41 Europe/Berlin] Connected to europeana.eu
[19-Oct-2014 10:05:41 Europe/Berlin] C POST /api/oauth/token HTTP/1.1
[19-Oct-2014 10:05:41 Europe/Berlin] C Host: europeana.eu
[19-Oct-2014 10:05:41 Europe/Berlin] C User-Agent: PHP-OAuth-API (http://www.phpclasses.org/oauth-api $Revision: 1.119 $)
[19-Oct-2014 10:05:41 Europe/Berlin] C Accept: */*
[19-Oct-2014 10:05:41 Europe/Berlin] C Connection: Keep-Alive
[19-Oct-2014 10:05:41 Europe/Berlin] C Content-Type: application/x-www-form-urlencoded
[19-Oct-2014 10:05:41 Europe/Berlin] C Content-Length: 182
[19-Oct-2014 10:05:41 Europe/Berlin] C
[19-Oct-2014 10:05:41 Europe/Berlin] C code=xxx&redirect_uri=http%3A%2F%2Flocalhost%2Feuropeana%2Fmyeuropeana%2Foauth%2Flogin_with_europeana.php&grant_type=authorization_code&client_id=xxx&client_secret=xxx
[19-Oct-2014 10:05:41 Europe/Berlin] S HTTP/1.1 401 Unauthorized
[19-Oct-2014 10:05:41 Europe/Berlin] S Date: Sun, 19 Oct 2014 08:05:43 GMT
[19-Oct-2014 10:05:41 Europe/Berlin] S Server: Apache-Coyote/1.1
[19-Oct-2014 10:05:41 Europe/Berlin] S Cache-Control: no-store
[19-Oct-2014 10:05:41 Europe/Berlin] S Pragma: no-cache
[19-Oct-2014 10:05:41 Europe/Berlin] S WWW-Authenticate: Bearer realm="Europeana API2", error="unauthorized", error_description="An Authentication object was not found in the SecurityContext"
[19-Oct-2014 10:05:41 Europe/Berlin] S Content-Type: application/json;charset=UTF-8
[19-Oct-2014 10:05:41 Europe/Berlin] S Vary: Accept-Encoding,User-Agent
[19-Oct-2014 10:05:41 Europe/Berlin] S Connection: close
[19-Oct-2014 10:05:41 Europe/Berlin] S Transfer-Encoding: chunked
[19-Oct-2014 10:05:41 Europe/Berlin] S
[19-Oct-2014 10:05:41 Europe/Berlin] S 6c
[19-Oct-2014 10:05:41 Europe/Berlin] S {"error":"unauthorized","error_description":"An Authentication object was not found in the SecurityContext"}
[19-Oct-2014 10:05:41 Europe/Berlin] S 0
[19-Oct-2014 10:05:41 Europe/Berlin] S
[19-Oct-2014 10:05:41 Europe/Berlin] Disconnected from europeana.eu
[19-Oct-2014 10:05:41 Europe/Berlin] OAuth client: Could not retrieve the OAuth access token. Error: it was not possible to access the OAuth access token: it was returned an unexpected response status 401 Response: {"error":"unauthorized","error_description":"An Authentication object was not found in the SecurityContext"}
[19-Oct-2014 10:05:41 Europe/Berlin] PHP Notice: Undefined variable: user in /Applications/MAMP/htdocs/europeana/myeuropeana/oauth/login_with_europeana.php on line 86

It seems authorization token retrieving is failing probably because the credentials may not be correct. I do not see any other possible reason.

Thanks again Manuel. I think the credentials must be correct as after running this I can open a new tab and make calls as an authenticated user. But I've now asked someone who has used this authentication before, to see what he can work out!

You can open those pages on the browser because you logged with the site. That has nothing to do with OAuth authorization.

That just proves the client_id is correct, but if the token retrieval request returns failed authorization, maybe the client secret is not correct.

Maybe you entered something that is not really the client_secret. Another possibility is that the redirect_uri is not acceptable, some servers do not allow local server URLs or domains they cannot resolve.

I am busy right now, but if you cannot sort the problem, I can try later if I can make it.

Hi, I really appreciate your help. Apologies for my misunderstanding. I have double checked the secret and that seems to be fine. But I may try another key pair just in case.

I also deployed a version on a public web server to test your suggestion about localhost, but that yielded the same results.

As I mentioned, I have now got someone who has worked on this authentication before taking a look. But all other suggestions for testing/debugging would be welcome.

Thanks again, James

I tried it here and the results are the same as yours. It could an issue with their API using OAuth. Did you ask in their support discussion group?

groups.google.com/forum/?pli=1#!for ...