Auth not working

[patik]

I'm following the instructions in the readme for AppDotNet.php auth. The first part works fine. But when I approve the app and it returns to my callback URL, $_GET['code'] is set but both $token and $user are NULL.

[jdolitsky]

are you using $token = $app->getAccessToken($redirectUri); ?

could you share your callback source?

[patik]

This is the page. I'm using the same URI for both the login page and the callback. I'm using http, not https.

https://gist.github.com/3874035

[jdolitsky]

is php-curl installed and enabled on your server? I would recommend trying EZAppDotNet.php and rework the code from there, it does very similar things you're trying to accomplish. you could also try to add these two lines to the top of your file to see if there are any php errors:

error_reporting(E_ALL); ini_set('display_errors', 1);

Best,

Josh

[patik]

Yes, I have curl, and there are no errors. I have a Twitter app running on this server which (obviously) uses Oauth and I haven't had any issues with that.

I think I've narrowed it down. In AppDotNet.php, in httpReq(), the line curl_exec($ch); returns false when making sending the POST data after the user approves the app. I was getting this using my own code (before I tried your library). It appears from the PHP docs that curl_exec returns false when the connection failed.

According to ADN's auth doc, I should get an error object (json) if something is wrong with my parameters/headers/etc. This makes me think there's something wrong with the curl call; then again, I seem to be the only user of this library having issues with this :) Any insights?

[patik]

The issue turned out to be that I was trying to POST from an HTTP domain to app.net's HTTPS server. For anyone else having this issue, here's how to fix that.

[jdolitsky]

@cpatik thanks for following up, I'll refer people to that link in the future

[ravisorg]

Note I submitted a patch for this on the weekend. The library now includes the certificate authority needed to verify app.net's ssl cert, so (in theory) we shouldn't need to disable verifyssl (which really defeats the purpose of ssl).

[patik]

Right, @ravisorg, I should have been more clear – people should use the second method described in that article, which involves invoking the actual .crt file, rather than allowing any SSL connections.

[ravisorg]

Right, exactly. And that that fix is now part of AppDotNetPHP, and the crt is included, so there should be no need for more hacks from users (fingers crossed).

(really I'm just noting it here for anyone who stumbles on this thread)