Google Contact API - 401 Target Invalid

634 views Asked by At

my project is using php with gmail oauth and facing this error as 401 Target Invalid where the other project works fine using the same way (different ID and Secret but same domain). For ex:-

xxx.com/abc xxx.com/def

HTTP/1.1 401 Token invalid - Target is invalid.
Content-Type: text/html; charset=utf-8
Date: Mon, 19 May 2014 02:03:50 GMT
Expires: Mon, 19 May 2014 02:03:50 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Alternate-Protocol: 443:quic
Transfer-Encoding: chunked

How can I resolve this issue? Appreciate with any comments and helps.

GmailOath codes

 $url = 'https://www.google.com/accounts/OAuthGetRequestToken';
 $params['oauth_version'] = '1.0';
 $params['oauth_nonce'] = mt_rand();
 $params['oauth_timestamp'] = time();
 $params['oauth_consumer_key'] = $oauth->oauth_consumer_key;
 $params['oauth_callback'] = $oauth->callback;
 $params['scope'] = 'https://www.google.com/m8/feeds';

Update: I'm guessing this might be the issue. Below different would be the Content-type where it should be 'application/json'. But have no idea where to change them...

Update: After further investigation, it will works only after I replaced the Client ID and Secret of an old application at https://console.developers.google.com/ No matter how many new apps that I try to generate the keys, it just don't work. What's happening?

Working call :-

[url] => https://www.google.com/m8/feeds/contacts/default/full?alt=json&max-results=1000&oauth_consumer_key=59093836836-0c8mb4u395gklok3k52cr2b0oml3gmcg.apps.googleusercontent.com&oauth_nonce=1103659829&oauth_signature=ORgJZEli8Y0b1Bv1xUwFWysdJgA%3D&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1400465100&oauth_token=1%2FL0o-ttvJP0haJ2RF9I-jd6hOIW2-kFYiQmlNx7UWVkw&oauth_version=1.0
            [content_type] => application/json; charset=UTF-8
            [http_code] => 200
            [header_size] => 525
            [request_size] => 743
            [filetime] => -1
            [ssl_verify_result] => 0
            [redirect_count] => 0
            [total_time] => 2.250314
            [namelookup_time] => 4.7E-5
            [connect_time] => 0.012625
            [pretransfer_time] => 0.040877
            [size_upload] => 0
            [size_download] => 997382
            [speed_download] => 443219
            [speed_upload] => 0
            [download_content_length] => -1
            [upload_content_length] => 0
            [starttransfer_time] => 0.423671
            [redirect_time] => 0

Not working call :-

 [url] => https://www.google.com/m8/feeds/contacts/default/full?alt=json&max-results=1000&oauth_consumer_key=59093836836-57psirebb7ntghd1259g4iiml5eq0l70.apps.googleusercontent.com&oauth_nonce=995553446&oauth_signature=8yPK5su1np6sC0z8vmZ%2BHOW7CuE%3D&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1400465030&oauth_token=1%2FrDfOd04W2oUs2MHfLoFIJoVngnM0n3MWZwWMRoeFDOg&oauth_version=1.0
                [content_type] => text/html; charset=utf-8
                [http_code] => 401
                [header_size] => 369
                [request_size] => 745
                [filetime] => -1
                [ssl_verify_result] => 0
                [redirect_count] => 0
                [total_time] => 0.337964
                [namelookup_time] => 4.7E-5
                [connect_time] => 0.017053
                [pretransfer_time] => 0.054309
                [size_upload] => 0
                [size_download] => 11875
                [speed_download] => 35136
                [speed_upload] => 0
                [download_content_length] => -1
                [upload_content_length] => 0
                [starttransfer_time] => 0.337551
                [redirect_time] => 0

Please do ask for more information if above questions is not complete. Thanks.

2

There are 2 answers

0
Eric T On BEST ANSWER

Found out the solution,

Looks like the newly generated Client ID and Client Secret have already phased out for older version of API. The only way to make this works is by implementing Google Contact APIv3 and using OAuth2.

Hope this help the rest who having the same issues.

1
Jorge Campos On

The 401 error is a HTTP code that states Unauthorized which means that the request require authentication. See it here: 10 Status Code Definitions search for 401

10.4.2 401 Unauthorized

The request requires user authentication. The response MUST include a 
WWW-Authenticate header field (section 14.47) containing a challenge applicable 
to the requested resource. The client MAY repeat the request with a 
suitable Authorization header field (section 14.8). If the request already 
included Authorization credentials, then the 401 response indicates 
that authorization has been refused for those credentials. If the 401 response 
contains the same challenge as the prior response, and the user agent has 
already attempted authentication at least once, then the user SHOULD be 
presented the entity that was given in the response, since that entity might 
include relevant diagnostic information. HTTP access authentication is explained 
in "HTTP Authentication: Basic and Digest Access Authentication"

Update

Since yours requests differs one from another, the one which works was granted access and the second one doesn't. I've checked your requests with Winmerge and they are from two different application. So you may try to send through JSON the first one to see what happens.

Is it possible that you didn't configure the other app property to have access throughout google api.

I still stick to my previous answer, because this is a matter of 401 code, unauthorized access.