OAuth2, token key not keeping session

Question

So I'm trying keep the session alive, at the moment when I refresh the session expires giving me this:

Received error: 400 Raw response:{"error":"SESSION_EXPIRED","error_description":"Session expired"}

Here's my code based on the example given on Yahoo's Gemini's documentation which I've read through, but there's nothing on stopping the sessions expire.

<?php
/* Example code to access Gemini API: Fetch advertiser information, create a new campaign and read specific campaign data

Prerequisites:
  1. Sign up for an account on https://admanager.yahoo.com
  2. Download YahooOAuth2.class.php file from here: https://github.com/saurabhsahni/php-yahoo-oauth2/blob/master/YahooOAuth2.class.php
  3. PHP modules for json_decode & curl
  4. A webserver running this code on port 80/443. Yahoo OAuth callback is only supported on these ports
*/
require "YahooOAuth2.class.php";
session_start();
#Your Yahoo API consumer key & secret with access to Gemini data

define("CONSUMER_KEY","<your consumer key>");
define("CONSUMER_SECRET","<your consumer secret>");
$redirect_uri="http://".$_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF'];//Or your other redirect URL - must match the callback domain

$gemini_api_endpoint="https://api.admanager.yahoo.com/v1/rest";

$oauth2client=new YahooOAuth2();

if (isset($_GET['code'])){
    $code=$_GET['code'];
    $_SESSION['code'] = $_GET['code'];
}
else {
    $code=0;
}

if($code){
     #oAuth 3-legged authorization is successful, fetch access token
     $_SESSION['token'] = $oauth2client->get_access_token(CONSUMER_KEY,CONSUMER_SECRET,$redirect_uri,$_SESSION['code']);

     #Access token is available. Do API calls.

     $headers = array('Authorization: Bearer '. $_SESSION['token'],'Accept: application/json','Content-Type: application/json');

     #Fetch Advertiser Name and Advertiser ID
     $url=$gemini_api_endpoint."/advertiser/";

     $resp=$oauth2client->fetch($url,$postdata="",$auth="",$headers);
     $jsonResponse = json_decode( $resp);
     $advertiserName = $jsonResponse->response[0]->advertiserName;
     $advertiserId = $jsonResponse->response[0]->id;
     echo "Welcome ".$advertiserName;
}
else {
    # no valid access token available, go to authorization server
    header("HTTP/1.1 302 Found");
    header("Location: " . $oauth2client->getAuthorizationURL(CONSUMER_KEY,$redirect_uri));
    exit;
}

?>

As you can see I've tried session_start();, saving $_GET['code'] and $_GET['token'] into the session but that doesn't work.

Am I right that is an issue with saving the token? I've spend a day on it and feel like I'm going around in circles.

Answer 1

The following code works for me. Let me know if this helps at all.

For the first query, try this:

require "YahooOAuth2.class.php"; 

#Your Yahoo API consumer key & secret with access to Gemini data 
define("CONSUMER_KEY","");
define("CONSUMER_SECRET","");
$redirect_uri="http://".$_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF'];//Or your other redirect URL - must match the callback domain 

$gemini_api_endpoint="https://api.admanager.yahoo.com/v1/rest";
$oauth2client=new YahooOAuth2();

if (isset($_GET['code'])){
$code=$_GET['code'];  
} 
else {
$code=0;
}

if($code){
#oAuth 3-legged authorization is successful, fetch access token  
$tokens=$oauth2client->get_access_token(CONSUMER_KEY,CONSUMER_SECRET,$redirect_uri,$code);

#Access token is available. Do API calls.   
$headers= array('Authorization: Bearer '.$tokens['a'],'Accept: application/json','Content-Type: application/json');
#Fetch Advertiser Name and Advertiser ID
$url=$gemini_api_endpoint."/reports/custom";
$resp=$oauth2client->fetch($url,$postdata=$json,$auth="",$headers);
$jsonResponse = json_decode( $resp );
}

else {
# no valid access token available, go to authorization server 
header("HTTP/1.1 302 Found");
header("Location: " . $oauth2client->getAuthorizationURL(CONSUMER_KEY,$redirect_uri));
exit;
}

Then for the next query (which you can reuse through a loop if desired):

$refreshThis = $tokens['r'];

$gemini_api_endpoint="https://api.admanager.yahoo.com/v1/rest";
$oauth2client=new YahooOAuth2();


if($code){
#oAuth 3-legged authorization is successful, fetch access token  
$tokens=$oauth2client->get_new_access_token(CONSUMER_KEY,CONSUMER_SECRET,$redirect_uri,$refreshThis);

#Access token is available. Do API calls.   
$headers= array('Authorization: Bearer '.$tokens['a'],'Accept: application/json','Content-Type: application/json');
#Fetch Advertiser Name and Advertiser ID
// $url=$gemini_api_endpoint."/campaign/347026014";
$url=$gemini_api_endpoint."/reports/custom";
$resp=$oauth2client->fetch($url,$postdata=$json,$auth="",$headers);
$jsonResponse = json_decode( $resp );
// $advertiserName = $jsonResponse->response[0]->advertiserName; 
// $advertiserId = $jsonResponse->response[0]->id; 
// echo "Welcome ".$advertiserName;
}
else {
# no valid access token available, go to authorization server 
header("HTTP/1.1 302 Found");
header("Location: " . $oauth2client->getAuthorizationURL(CONSUMER_KEY,$redirect_uri));
exit;
}

From the YahooOAuth2.class.php file:

public function get_new_access_token($clientId, $clientSecret,$redirect_uri,$refreshThis) {
    $url=self::TOKEN_ENDPOINT;

    $postdata=array("redirect_uri"=>$redirect_uri,"refresh_token"=>$refreshThis,"grant_type"=>"refresh_token");
$auth=$clientId . ":" . $clientSecret;
    $response=self::fetch($url,$postdata,$auth); 
 // Convert the result from JSON format to a PHP array 
$jsonResponse = json_decode( $response );

$token['a'] = $jsonResponse->access_token;
$token['r'] = $jsonResponse->refresh_token;

var_dump($token['a']);
var_dump($token['r']);

    return $token;

}