Hi,

When i try to login using facebook on drupal site with facebook session opened in another tab, it shows "Invalid OAuth access token." error message. Though same thing works fine when facebook session is logged out.
In the url it generates, there is oauth_token parameter:
https://www.facebook.com/dialog/oauth?redirect_uri=http%3A%2F%2Flocalhos...
If i remove this parameter from query string, then also it works.

Why is oauth connector is putting this oauth_token parameter? I checked another implementation of oauth login in php. The url it generates does not have oauth_token and therefore works fine. Is this because of oauth connector configuration issue. Please help.

CommentFileSizeAuthor
#15 error.jpg86.08 KBcoolkid4689
#1 DrupalOAuthClient.inc_.patch873 bytesseghezzou2
invalidtoken.png122.52 KBoxford-1

Comments

seghezzou2’s picture

seghezzou2 commented
StatusFileSize
new DrupalOAuthClient.inc_.patch873 bytes

I'm having a similar problem. This is an issue from Oauth module. I've attached an small patch that could help you solving this. Enjoy!

Frederic wbase’s picture

Frederic wbase commented

I can confirm that the patch of seghezzou2 does the job!
Thanks

arlina’s picture

arlina commented

Patch works, thanks!

cramrez’s picture

cramrez commented

Patch works very well, thanks!

pedrosp’s picture

pedrosp
Location Madrid, Spain
commented

kudos @seghezzou2 !
Maybe this patch should be noticed (if not yet) to Oauth module contributors, and therefore cross-linked with this thread #justsayin'

alexverb’s picture

alexverb commented
Status: Active » Needs review

I don't know if hardcoding an exception for facebook is the right thing to do here. Isn't oauth supposed to have one general way of doing things? I don't think it will get committed as long as there's no reasoning behind it.

But I've put the status to needs review so the maintainers can have a look at it...

profir90’s picture

profir90 commented

Hi! I have the following error message: Exception: SSL certificate problem, verify the CA That definitely is OK. Details: error: 14445586: SSL routines: SSL3_GET_SERVER_CERTIFICATE: certificate verify failed in DrupalOAuth2Client-> get () (line 119 of D: \ Drupal \ .... \ modules \ contrib \ oauthconnector \ modules \ OAuth2 \ lib \ DrupalOAuth2Client.inc )

hmartens’s picture

hmartens commented

I've been struggling for a week now to get the FB login working to no avail :) But the twitter login works beautifully!

When I try to login, it gives me the
"AUTHORIZATION FINISHED

The application has been authorized" message but I'm still not logged in or taken to a registration page. I also see in the addressbar the following: "/oauth/authorized2/3?error_code=190&error_message=Invalid+OAuth+access+token.#_=_"

tvilms’s picture

tvilms commented

I get the same problem with the FB login not working.

But @hmartens, I'm curious about your comment that "Twitter login works beautifully". If you log out and try to log back in, does it take you right back in? Check that out and if you're seeing something not working after all, then chime in on another thread, http://drupal.org/node/2006212

Some of us are seeing a problem with the Drupal site not "remembering" the Twitter user.

dparvanova’s picture

dparvanova commented

I applied the patch from #1.
Now instead of "Invalid OAuth access token." message I am redirected to the user/register page

bojanz’s picture

bojanz commented
Status: Needs review » Fixed

Committed a fix:
http://drupalcode.org/project/oauthconnector.git/commitdiff/42c6f66

Tagging a beta2.

seghezzou2’s picture

seghezzou2 commented

Thanx @pedrosp!!!, I'll do it.

JadH’s picture

JadH commented

Hello All,

I was facing the same issue.

I applied Patch #1.

I got redirected to the Facebook Authentication page, when I clicked ok, I got the below error.

Exception: SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed in DrupalOAuth2Client->get() (line 119 of /Applications/XAMPP/xamppfiles/htdocs/kalabsha/profiles/commerce_kickstart/modules/contrib/oauthconnector/modules/oauth2/lib/DrupalOAuth2Client.inc).

Is it related to the change done in #patch1? or is it a separate issue?

bojanz’s picture

bojanz commented

There's no bug there, you need to have SSL setup on your server if you want to use facebook login (or any other oauth2 based authorization).

coolkid4689’s picture

coolkid4689 commented
StatusFileSize
new error.jpg86.08 KB

Hi everybody. i have some problem about facebook login
this is link after i tried to login commerce kickstart by facebook:
http://localhost/commerce_fb/oauth/authorized2/1?code=AQAEZvhKIDhThzgv7m...
I had run DrupalOAuthClient.inc_.patch of seghezzou2. thanks seghezzou2. i fixed error nvalid OAuth access token.
But when i click facebook login my commerce i get this status Authorization finished. and not logon by account facebook.
Help me!

nevmoor’s picture

nevmoor commented

I get the same results as #15!
The patch clears the invalid token error, but now I get sent directly to the Authorization finished page, still not logged in and no user account set up.
I will have to go back and check but I could have sworn I created a couple of accounts on my test AND live sites before this stopped working.

Does this patch really fix the true error, or is it really a patch around?

bojanz’s picture

bojanz commented

beta2 contains an actual fix. No patch in this issue is valid or ever was.

nevmoor’s picture

nevmoor commented

Thanks!

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

Gravitator’s picture

Gravitator commented

Thank you very much seghezzou2.
I changed the patch for Google, replacing facebook on Google.

bryanmanalo’s picture

bryanmanalo commented
Version: 7.x-1.0-beta1 » 7.x-1.0-beta2
Status: Closed (fixed) » Active

I am currently using beta 2, and I am still experiencing the same error as #15.

More details:
1.) I have followed the drupal commerce video on http://www.drupalcommerce.org/videos/commerce-kickstart-tips/ck-tip-1-so....
2.) I only added curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false) to ~\profiles\commerce_kickstart\modules\contrib\oauthconnector\modules\oauth2\lib\DrupalOAuth2Client.inc because I am just using localhost.

Is anyone else experiencing the same problem?\

**** Update
I traced the code, and it has redirected me to this line. Which is kind of off, because at this line it says, TODO: Add error message http://drupalcode.org/project/oauthconnector.git/blob/53f8a1ec9e4cc24128...

Regards,

mubiesam’s picture

mubiesam commented

seems there are still issues, I'm using commerce_kickstart-7.x-2.12 with oauth 7.x-3.1, beta2 is already there...but it always redirected to the user/register page while the callback url is set to oauth/authorized2/1

mubiesam’s picture

mubiesam commented
Issue summary: View changes

Hi,

Will it be conflict to install fboauth-7.x-1.6.zip inside commerce_kickstart-7.x-2.12 ...

Thanks,

BigElsk’s picture

BigElsk commented

I'm also having this issue mentioned in #15 with Kickstart. Disabled the block for now waiting for a fix...

xamanu’s picture

xamanu commented
Status: Active » Closed (duplicate)

Same error here, as described in #15.

* OAuth 7.x-3.2
* OAuthconnector 7.x-1.0-beta2
* Tried it without success with seghezzou2's patch.

Anyway this is kind of a duplicate of the issue handled in the OAuth module #1981228: Invalid OAuth access token when trying to login using facebook and anything related should be reported there.

Amit Raghav’s picture

Amit Raghav commented

Hi All,

I have to perform a load testing for my application containing media steaming contents. for that user first log in to the application. But while validating the script I am getting "Invalid OAuth Request" in response.

This application is Windows Desktop based application.
Please guide me how would I manage this Oauth error.

Request
**********************************
PUT /v3/xauth/access_token.json HTTP/1.1
Host: qa-api.shrbt.com
Connection: keep-alive
Content-Length: 92
Accept: application/json, text/plain, */*
Authorization: OAuth oauth_body_hash=5ElPjvM1y3hJYxtiDq83UYoS4tc%3D,oauth_callback=oob,oauth_consumer_key=urCdB1SIcfB8RvuEJDFUTF4DHt2JPfjlv6TNpItYDP,oauth_nonce=re7EeD7FKFFMERQX,oauth_signature_method=HMAC-SHA1,oauth_timestamp=1410437032,oauth_version=1.0,oauth_signature=2FRDJFURBDsCAg6OO5eZwKz1S5CKA%3D
Content-Type: application/json;charset=UTF-8
Origin: http://web.cdn.eqa.movenetworks.com
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.91 Safari/537.36 SherbetDesktop/3.4.30; CIDishWorld2QA Safari/537.1
Referer: http://web.cdn.eqa.movenetworks.com/gryphon/desktop-env-qa/
Accept-Encoding: gzip,deflate
Accept-Language: en-us,en
Accept-Charset: iso-8859-1,*,utf-8

{"email":"**********","password":"******","device_guid":"48498b04-37f5-11e4-8000-000000000000"}

Response
*********************************************

HTTP/1.1 401 Unauthorized
Server: nginx/1.0.14
Date: Thu, 18 Sep 2014 05:08:58 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Status: 401 Unauthorized
X-UA-Compatible: IE=Edge,chrome=1
Cache-Control: no-cache
X-Request-Id: 336c60cb658f1a5e6ea4287f3f97f4f7
X-Runtime: 0.039976
X-Rack-Cache: invalidate, pass

Invalid OAuth Request

Thanks
Amit