Patrick Müssig

Reputation: 107

PHP Curl: Could not verify the provided CSRF token because your session was not found

I am trying to get an Access Token on The Taboola Backstage API according to this documentation.

Backstage API - Authentication and General API Usage.pdf

My Sample Code looks like this:

$ckfile = tempnam ("/tmp", "CURLCOOKIE");

$post = array(
    "client_id"           => "secret"
  , "client_secret"       => "secret"
  , "grant_type"          => "client_credentials"
);

    $ch = curl_init();

    curl_setopt($ch, CURLOPT_COOKIEJAR,  $ckfile );
    curl_setopt($ch, CURLOPT_COOKIEFILE, $ckfile );
    curl_setopt($ch, CURLOPT_COOKIESESSION, 0);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
    curl_setopt($ch, CURLOPT_USERAGENT, "App Client" );
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 60 );
    curl_setopt($ch, CURLOPT_HTTPHEADER, array(
          'Content-Type: application/x-www-form-urlencoded'
    ));

    curl_setopt($ch, CURLOPT_URL,"https://backstage.taboola.com/backstage/oauth/token/");
    curl_setopt($ch, CURLOPT_POST,1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
    curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER,0);
    curl_setopt($ch, CURLOPT_VERBOSE, 0);
    curl_setopt($ch, CURLOPT_HEADER, 1); // include response headers in $result so the header/body split below works
    curl_setopt($ch, CURLOPT_AUTOREFERER, 0);
    curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);

    $result=curl_exec ($ch);

    $header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
    $header = substr($result, 0, $header_size);
    $body = substr($result, $header_size);

    var_dump($header,$body);

If I run the code I get the error message: Could not verify the provided CSRF token because your session was not found. What am I missing? I send it with POST to the right endpoint. Does someone have a tip for me, please?

Upvotes: 1

Views: 771

Answers (1)

drew010

Reputation: 69967

It looks like their documentation may be slightly off. I was able to get a proper API response by posting to /backstage/oauth/token (no trailing /). With the trailing slash it tries to pass you through to a different non-API URL.

Also, it's necessary to pass the POST array through http_build_query() so that cURL doesn't do a multipart form post from the supplied array. Since it's an API, there's no need to do anything with cookies. I removed a few other unnecessary options as well.

Here is some code to get you started that worked for me:

$post = array(
    "client_id"           => "secret",
    "client_secret"       => "secret",
    "grant_type"          => "client_credentials",
);

$ch = curl_init();

curl_setopt($ch, CURLOPT_COOKIESESSION, 0);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
curl_setopt($ch, CURLOPT_USERAGENT, "App Client" );
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 60 );
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
      'Content-Type: application/x-www-form-urlencoded',
      'Accept: application/json',
));

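// No trailing slash: with it the request is passed to a non-API URL
curl_setopt($ch, CURLOPT_URL,"https://backstage.taboola.com/backstage/oauth/token");
curl_setopt($ch, CURLOPT_POST,1);
// A string body is sent urlencoded; passing the array itself would produce a multipart form post
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($post));
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
// Verify the server certificate chain and that it matches the host name
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER,true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_VERBOSE, 0);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_AUTOREFERER, 0);

$result=curl_exec ($ch);

if ($result === false) {
    // transport-level failure (DNS, TLS verification, timeout): there is no response to decode
    die('cURL error: ' . curl_error($ch));
}

$info = curl_getinfo($ch);
$response = json_decode($result, true);

if ($info['http_code'] == 200 && isset($response['access_token'])) {
    // okay
    $access_token = $response['access_token'];
    var_dump($response);
} else {
    // error
    echo ($response['error'] ?? 'error') . ': ' . ($response['error_description'] ?? $result);
}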

Upvotes: 1
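
The token request from the answer, restructured as an added example that is not part of either post: the request options and the response validation are separate functions, so a non-JSON page (what a wrong URL returns) is rejected before anything is treated as a token. Function names and the sample responses are constructed; the endpoint URL to pass to `fetch_token()` is the one given in the answer.

```php
<?php
// Added example: function names and the sample responses are constructed for illustration.
function token_request_options(string $url, string $id, string $secret): array {
    return [
        CURLOPT_URL            => $url,
        CURLOPT_POST           => true,
        // A string body is sent urlencoded; a PHP array would become multipart/form-data.
        CURLOPT_POSTFIELDS     => http_build_query([
            'client_id' => $id, 'client_secret' => $secret, 'grant_type' => 'client_credentials',
        ]),
        CURLOPT_HTTPHEADER     => ['Accept: application/json'],
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_FOLLOWLOCATION => false,           // do not resend credentials to a redirect target
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTPS, // refuse plain HTTP
        CURLOPT_SSL_VERIFYPEER => true,
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_CONNECTTIMEOUT => 10,
    ];
}

function parse_token_response(int $status, ?string $type, string $body): string {
    // An HTML page (login form, CSRF error page) means the request missed the API endpoint.
    if (stripos((string) $type, 'application/json') !== 0) {
        throw new RuntimeException("HTTP $status, content type '$type': not a JSON API response");
    }
    $json = json_decode($body, true);
    if ($status !== 200 || !is_array($json) || !is_string($json['access_token'] ?? null)) {
        $err = is_string($json['error'] ?? null) ? $json['error'] : 'no access_token in response';
        throw new RuntimeException("Token request failed (HTTP $status): $err");
    }
    return $json['access_token'];
}

function fetch_token(string $url, string $id, string $secret): string {
    $ch = curl_init();
    curl_setopt_array($ch, token_request_options($url, $id, $secret));
    $body = curl_exec($ch);
    if ($body === false) {
        throw new RuntimeException('cURL error: ' . curl_error($ch)); // includes TLS failures
    }
    $type = curl_getinfo($ch, CURLINFO_CONTENT_TYPE) ?: null;
    return parse_token_response((int) curl_getinfo($ch, CURLINFO_RESPONSE_CODE), $type, $body);
}

// Offline check with constructed responses; fetch_token() is not called here.
foreach ([[200, 'application/json', '{"access_token":"example-token"}'],
          [200, 'text/html', '<html>login page</html>'],
          [401, 'application/json', '{"error":"invalid_client"}']] as [$s, $t, $b]) {
    try { echo 'token: ' . parse_token_response($s, $t, $b) . "\n"; }
    catch (RuntimeException $e) { echo 'rejected: ' . $e->getMessage() . "\n"; }
}
```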
