PHP API Authorizationi denied

[DaveCain]

Hey,

Has anyone been able to access the API using PHP?

 

I can get an access token no problem and even refresh the token, but when I try to do anything else I just get a 401 error and the message  "Authorization has been denied for this request".

 

Here's my function:

 

function globalMessage($token,$msg) {
	$url = "http://localhost:5400/api/v1/chat/global";
	$data = array
	(
	    'Message' => $msg
	);
	$content = json_encode($data);
	$headr=array();
	$headr[]='Content-type: application/json';
	$headr[]='Authorization: bearer '.$token;
	$curl = curl_init($url);
	curl_setopt($curl, CURLOPT_HTTPHEADER, $headr);
	curl_setopt($curl, CURLOPT_HEADER, false);
	curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
	curl_setopt($curl, CURLOPT_POST, true);
	curl_setopt($curl, CURLOPT_POSTFIELDS, $content);
	
	$json_response = curl_exec($curl);
	
	$status = curl_getinfo($curl, CURLINFO_HTTP_CODE);
	
	if ( $status != 200 ) {
	    die("Error: call to URL $url failed with status $status, response $json_response, curl_error " . curl_error($curl) . ", curl_errno " . curl_errno($curl));
	}
	
	
	curl_close($curl);
	
	$response = json_decode($json_response, true);
	return $response;
}

Anybody got any ideas?

I'm running this on my local machine, haven't tried from a web server yet.

 

It doesn't matter what I try to do with the API, I get the same error for everything. I used this to test by sending a global chat message as I thought it would be nice and simple!

 

Dave

 

 

 

[DaveCain]

Well, after spending so much time on this, it was something as simple as needing to update my version...

Also the original code does now work.

Thanks for everyone's input!

[jcsnider]

@AriusII: My php isn't great.. and I know you've gotten this far.. what is he doing wrong?

 

I'm kinda thinking it might be these lines... it looks like you're overwriting the content type header to me, but maybe that's correct php syntax for appending the array

$headr[]='Content-type: application/json';

$headr[]='Authorization: bearer '.$token;

 

Worse case I'll try to poke around with this tomorrow and see if I can find some answers.

[wishy]

Not sure if it matters, but Bearer has a capital letter,

 

rest looks fine, have not tested your code though

[Melow417]

Hello, I got it working as you can see in the following image:

 

For this I used the following code:
 

<?php
//Get Token 
function getToken($user,$pass){
	$url = 'http://localhost:5400/api/oauth/token';
	$ch = curl_init($url);

$data = array(
	'grant_type' => 'password',
	'username' => $user,
	'password' => $pass
);
$payload = json_encode($data);
curl_setopt($ch, CURLOPT_POSTFIELDS,$payload);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-type:application/json'));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$result = curl_exec($ch);
$var = json_decode($result,true);
$token=$var['access_token'];
curl_close($ch);
return $token;
}
//Submit the globalMessage with the token 
function globalMessage($message,$token){
$url = 'http://localhost:5400/api/v1/chat/global';
$ch = curl_init($url);
$data = array(
	'Message' => $message
);
$payload = json_encode($data);
curl_setopt($ch, CURLOPT_POSTFIELDS,$payload);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-type:application/json','Authorization: Bearer '.$token));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$result = curl_exec($ch);
$status = curl_getinfo($ch,CURLINFO_HTTP_CODE);
curl_close($ch);
return $status;
}
?>

Then you can just send the request through:
 

$token=getToken($user,$pass);
echo $test = globalMessage("Submit global message through the API using PHP",$token);

You should get as a response 200 since it is a success

[Derop]

Hello, for all other requests via POST the return is ok '200', however for the registration and password validation the return is 401. Following the same line of code as the example like this. Does anyone have a solution?

 

<?php
function registerUser($username,$password,$email,$token){
		$url = 'http://localhost:5400/api/v1/users/register';
		$ch = curl_init($url);
		$data = array(
			"username" => $username,
			"password" => strtoupper(hash("sha256", $password)),
			"email" => $email
		);
		$payload = json_encode($data);
		curl_setopt($ch, CURLOPT_POSTFIELDS,$payload);
		curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-type:application/json','Authorization: Bearer '.$token));
		curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
		$result = curl_exec($ch);
		$status = curl_getinfo($ch,CURLINFO_HTTP_CODE);
		curl_close($ch);
		return $status;
	}

?>

 

[jcsnider]

Have you seen this? And granted the roles required for those methods?

https://docs.freemmorpgmaker.com/api/v1/introduction/roles.htm

[Derop]

 

Perfect, it was what needed to work. thank you.

[panda]

On 3/1/2020 at 8:59 AM, wishy said:

Not sure if it matters, but Bearer has a capital letter,

 

rest looks fine, have not tested your code though

Case insensitive https://github.com/aspnet/AspNetKatana/blob/e001fcf245ba4b6b2eb09ef410d398527882dc1a/src/Microsoft.Owin.Security.OAuth/OAuthBearerAuthenticationHandler.cs#L31 

[DaveCain]

On 3/1/2020 at 5:31 PM, Melow417 said:

Hello, I got it working as you can see in the following image:

 

For this I used the following code:
 

<?php
//Get Token 
function getToken($user,$pass){
	$url = 'http://localhost:5400/api/oauth/token';
	$ch = curl_init($url);

$data = array(
	'grant_type' => 'password',
	'username' => $user,
	'password' => $pass
);
$payload = json_encode($data);
curl_setopt($ch, CURLOPT_POSTFIELDS,$payload);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-type:application/json'));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$result = curl_exec($ch);
$var = json_decode($result,true);
$token=$var['access_token'];
curl_close($ch);
return $token;
}
//Submit the globalMessage with the token 
function globalMessage($message,$token){
$url = 'http://localhost:5400/api/v1/chat/global';
$ch = curl_init($url);
$data = array(
	'Message' => $message
);
$payload = json_encode($data);
curl_setopt($ch, CURLOPT_POSTFIELDS,$payload);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-type:application/json','Authorization: Bearer '.$token));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$result = curl_exec($ch);
$status = curl_getinfo($ch,CURLINFO_HTTP_CODE);
curl_close($ch);
return $status;
}
?>

Then you can just send the request through:
 

$token=getToken($user,$pass);
echo $test = globalMessage("Submit global message through the API using PHP",$token);

You should get as a response 200 since it is a success

 

I can see it worked for you, but I literally copied this code and I got a 401 error still.

As I could see no errors in my code, I'm starting to wonder if it's something to do with the "PHP Desktop" I'm using. It's normally fine but for some reason it just doesn't seem to allow this to work.

I'll try again with some other kind of WAMP server.

 

Edit: Still the same. I literally copied you code exactly, I still get the token ok, but I get a 401 when calling the globalMessage function. It's really annoying me now, I know the code is correct but it just won't work.

 

[jcsnider]

11 minutes ago, DaveCain said:

 

I can see it worked for you, but I literally copied this code and I got a 401 error still.

As I could see no errors in my code, I'm starting to wonder if it's something to do with the "PHP Desktop" I'm using. It's normally fine but for some reason it just doesn't seem to allow this to work.

I'll try again with some other kind of WAMP server.

 

Edit: Still the same. I literally copied you code exactly, I still get the token ok, but I get a 401 when calling the globalMessage function. It's really annoying me now, I know the code is correct but it just won't work.

 

 

Just to confirm, are you using the latest versions of Intersect? Either 0.6.0.192 or 0.6.1.223?

 

Shouldn't matter too much but if you're on an ancient build like 0.6.0.0 that could explain it.

[DaveCain]

Yeah I'm on 0.6.0.0 according to the server, but I only downloaded it about 3 weeks ago or so.

I'll see if I can upgrade it!