Invalid OAuth access token.
By Zeosing on Friday, 26 May 2017
Posted in Technical Issues
Likes 0
Views 3.1K
Votes 0
Hi, we have a problem whiot a subdomain that uses old EB (3.9.16263) , the autoposting for FB stop working today.

We thinks there is error with the way that EB store OAuth access token, since FB updated their API recently.

Could you gave a us a hand with this?

We can provide Access because is subdomain of main domain that we do not have control over it, the client have it. And the Business client is closed until Monday.

They use like a "internal blog" .

We provide the old code that we think causes the problem



public function grant()

	{

		// @task: Check for acl rules.

		$this->checkAccess( 'autoposting' );



		$type		= JRequest::getCmd( 'type' );

		$mainframe	= JFactory::getApplication();

		$config		= EasyBlogHelper::getConfig();

		$key		= $config->get( 'integrations_' . $type . '_api_key' );

		$secret		= $config->get( 'integrations_' . $type . '_secret_key' );



		$my			= JFactory::getUser();

		$from		= JRequest::getWord( 'return' );

		$oauth		= EasyBlogHelper::getTable( 'Oauth' );

		$loaded		= $oauth->loadSystemByType( $type );

		$denied		= JRequest::getVar( 'denied' , '' );

		$redirect	= JRoute::_( 'index.php?option=com_easyblog&view=autoposting&layout=' . $type . '&step=2' , false );



		if( $from == 'form' )

		{

			$redirect 	= JRoute::_( 'index.php?option=com_easyblog&view=autoposting&layout=form&type=' . $type , false );

		}



		$call 		= JRequest::getWord( 'call' );

		$callUri 	= !empty( $call ) ? '&call=' . $call : '';



		if( !empty( $denied ) )

		{

			$oauth->delete();



			$this->setRedirect( $redirect , JText::sprintf( 'Denied by %1s' , $type ) , 'error');

			return;

		}



		if( !$loaded )

		{

			$oauth->delete();



			JError::raiseError( 500 , JText::_( 'COM_EASYBLOG_AUTOPOST_ERRORS_REQUEST_TOKENS_NOT_LOADED' ) );

		}



		$request	= EasyBlogHelper::getRegistry( $oauth->request_token );



		$return 	= JRequest::getWord( 'return' );

		$return  	= !empty( $return ) ? '&return=' . $return : '';



		$callback	= rtrim( JURI::root() , '/' ) . '/administrator/index.php?option=com_easyblog&c=autoposting&task=grant&type=' . $type . $return . $callUri;



		$consumer	= EasyBlogHelper::getHelper( 'OAuth' )->getConsumer( $type , $key , $secret , $callback );

		$verifier	= $consumer->getVerifier();



		if( empty( $verifier ) )

		{

			// Since there is a problem with the oauth authentication, we need to delete the existing record.

			$oauth->delete();



			JError::raiseError( 500 , JText::_( 'COM_EASYBLOG_AUTOPOST_ERRORS_INVALID_VERIFIER' ) );

		}



		$access		= $consumer->getAccess( $request->get( 'token' ) , $request->get( 'secret' ) , $verifier );



		if( !$access || empty( $access->token ) || empty( $access->secret ) )

		{

			// Since there is a problem with the oauth authentication, we need to delete the existing record.

			$oauth->delete();



			$this->setRedirect( $redirect , JText::sprintf( 'COM_EASYBLOG_AUTOPOST_ERRORS_INVALID_ACCESS_TOKENS' , $type ) , 'error' );

			return;

		}





		$param		= EasyBlogHelper::getRegistry('');

		$param->set( 'token' 	, $access->token );

		$param->set( 'secret'	, $access->secret );



		if( isset( $access->expires ) )

		{

			$param->set( 'expires' , $access->expires );

		}





		$oauth->access_token	= $param->toString();



		$oauth->params			= $access->params;

		$oauth->store();



		// @task: Let's see if the oauth client

		if( !empty( $call ) )

		{

			$consumer->$call();

		}

		else

		{

			$this->setRedirect( $redirect , JText::_( 'COM_EASYBLOG_AUTOPOST_ACCOUNT_ASSOCIATED_SUCCESSFULLY') );

		}



		return;

	}

}








<?php

/**

 * @package		EasyBlog

 * @copyright	Copyright (C) 2010 Stack Ideas Private Limited. All rights reserved.

 * @license		GNU/GPL, see LICENSE.php

 *

 * EasyBlog is free software. This version may have been modified pursuant

 * to the GNU General Public License, and as distributed it includes or

 * is derivative of works licensed under the GNU General Public License or

 * other free or open source software licenses.

 * See COPYRIGHT.php for copyright notices and details.

 */



defined('_JEXEC') or die('Restricted access');



jimport('joomla.application.component.controller');



require_once( EBLOG_HELPERS . DIRECTORY_SEPARATOR . 'helper.php' );

require_once( EBLOG_HELPERS . DIRECTORY_SEPARATOR . 'oauth.php' );



class EasyBlogControllerOauth extends EasyBlogController

{

	/**

	 * Constructor

	 *

	 * @since 0.1

	 */

	function __construct()

	{

		// Include the tables in path

		JTable::addIncludePath( EBLOG_TABLES );



		parent::__construct();

	}



	function request()

	{

		$mainframe 	= JFactory::getApplication();



		if(! EasyBlogHelper::isLoggedIn())

		{

			$mainframe->enqueueMessage( JText::_('COM_EASYBLOG_YOU_MUST_LOGIN_FIRST') , 'error' );

			$this->setRedirect( EasyBlogRouter::_('index.php?option=com_easyblog' , false ) );

			return;

		}



		$redirect	= JRequest::getVar( 'redirect' , '' );

		$type		= JRequest::getCmd( 'type' );



		if( !empty( $redirect ) )

		{

			$redirect 	= '&redirect=' . $redirect;

		}



		$userId     = JRequest::getVar( 'id' );



		// Flickr integration does not require user id.

		if( empty( $userId ) )

		{

			$mainframe->enqueueMessage( JText::_('Error, User not found.') , 'error' );

			$redirect	= JRoute::_( 'index.php?option=com_easyblog&view=users', false );

			$this->setRedirect( $redirect );

			return;

		}



		$call 		= JRequest::getWord( 'call' );

		$callUri 	= !empty( $call ) ? '&call=' . $call . '&id=' . $userId : '&id=' . $userId;



		

		$config		= EasyBlogHelper::getConfig();

		$key		= $config->get( 'integrations_' . $type . '_api_key' );

		$secret		= $config->get( 'integrations_' . $type . '_secret_key' );

		$callback	= rtrim( JURI::root() , '/' ) . '/administrator/index.php?option=com_easyblog&c=oauth&task=grant&type=' . $type . $redirect . $callUri;



		$consumer	= EasyBlogOauthHelper::getConsumer( $type , $key , $secret , $callback );

		$request	= $consumer->getRequestToken();





		if( empty( $request->token ) || empty( $request->secret ) )

		{

			$mainframe->enqueueMessage( JText::_( 'COM_EASYBLOG_OAUTH_KEY_INVALID') , 'error' );

			$redirect	= JRoute::_( 'index.php?option=com_easyblog&view=users', false );

			$this->setRedirect( $redirect);

			return;

		}



		$oauth				= EasyBlogHelper::getTable( 'Oauth' , 'Table' );

		$oauth->user_id		= $userId;

		$oauth->type		= $type;

		$oauth->created		= EasyBlogHelper::getDate()->toMySQL();



		// Bind the request tokens

		$param				= EasyBlogHelper::getRegistry('');

		$param->set( 'token' , $request->token );

		$param->set( 'secret' , $request->secret );



		$oauth->request_token	= $param->toString();



		$oauth->store();



		$this->setRedirect( $consumer->getAuthorizationURL( $request->token , false , 'popup') );

	}



	/**

	 * This will be a callback from the oauth client.

	 * @param	null

	 * @return	null

	 **/

	public function grant()

	{

		$type		= JRequest::getCmd( 'type' );

		$userId		= JRequest::getVar( 'id' );

		$mainframe	= JFactory::getApplication();

		$config		= EasyBlogHelper::getConfig();

		$key		= $config->get( 'integrations_' . $type . '_api_key' );

		$secret		= $config->get( 'integrations_' . $type . '_secret_key' );

		$my			= JFactory::getUser( $userId );



		$redirect		= JRequest::getVar( 'redirect' , '' );

		$redirectUri 	= !empty( $redirect ) ? '&redirect=' . $redirect : '';



		// @task: Let's see if caller wants us to go to any specific location or not.

		if( !empty( $redirect ) )

		{

			$redirect	= base64_decode( $redirect );

		}



		if(! EasyBlogHelper::isLoggedIn())

		{

			$mainframe->enqueueMessage( JText::_('COM_EASYBLOG_YOU_MUST_LOGIN_FIRST') , 'error' );

			$this->setRedirect( JRoute::_('index.php?option=com_easyblog&view=users' , false ) );

			return;

		}



		$oauth		= EasyBlogHelper::getTable( 'Oauth' , 'Table' );

		$loaded		= $oauth->loadByUser( $my->id , $type );



		$denied     = JRequest::getVar( 'denied' , '' );





		$call 		= JRequest::getWord( 'call' );

		$callUri 	= !empty( $call ) ? '&call=' . $call . '&id=' . $my->id : '&id=' . $my->id;





		if( !empty( $denied ) )

		{

		    $oauth->delete();

			$mainframe->enqueueMessage( JText::_('COM_EASYBLOG_OAUTH_DENIED_ERROR') , 'error' );

			$redirect	= JRoute::_( 'index.php?option=com_easyblog&view=users', false );

			$this->setRedirect( $redirect , false );

			return;

		}



		if( !$loaded )

		{

			$mainframe->enqueueMessage( JText::_('COM_EASYBLOG_OAUTH_UNABLE_TO_LOCATE_RECORD') , 'error' );

			$redirect	= JRoute::_( 'index.php?option=com_easyblog&view=users', false );

			$this->setRedirect( $redirect , false );

			return;

		}



		$request	= EasyBlogHelper::getRegistry( $oauth->request_token );

		$callback	= rtrim( JURI::root() , '/' ) . '/administrator/index.php?option=com_easyblog&c=oauth&task=grant&type=' . $type . $redirect . $callUri;





		$consumer	= EasyBlogOauthHelper::getConsumer( $type , $key , $secret , $callback );

		$verifier	= $consumer->getVerifier();



		if( empty( $verifier ) )

		{

			// Since there is a problem with the oauth authentication, we need to delete the existing record.

			$oauth->delete();



			JError::raiseError( 500 , JText::_( 'COM_EASYBLOG_INVALID_VERIFIER_CODE' ) );

		}



		$access		= $consumer->getAccess( $request->get( 'token' ) , $request->get( 'secret' ) , $verifier );



		if( !$access || empty( $access->token ) || empty( $access->secret ) )

		{

			// Since there is a problem with the oauth authentication, we need to delete the existing record.

			$oauth->delete();



			$mainframe->enqueueMessage( JText::_('COM_EASYBLOG_OAUTH_ACCESS_TOKEN_ERROR'), 'error' );

			$this->setRedirect( $redirect , false );

			return;

		}



		$param		= EasyBlogHelper::getRegistry('');

		$param->set( 'token' 	, $access->token );

		$param->set( 'secret'	, $access->secret );



		if( isset( $access->expires ) )

		{

			$param->set( 'expires' , $access->expires );

		}



		$oauth->access_token	= $param->toString();

		$oauth->params			= $access->params;



		$oauth->store();





		$mainframe->enqueueMessage( JText::_('Application revoked successfully.') );

		$url 	=	JRoute::_('index.php?option=com_easyblog&c=user&id=' . $my->id . '&task=edit', false);



		if( !empty( $redirect ) )

		{

			$url 	= $redirect;

		}



		// @task: Let's see if the oauth client

		if( !empty( $call ) )

		{

			$consumer->$call();

		}

		else

		{

			$this->setRedirect( $url );

		}

	}



	/**

	 * Responsible to revoke access for the specific oauth client

	 *

	 * @param	null

	 * @return	null

	 **/

	public function revoke()

	{

		$mainframe	= JFactory::getApplication();

		$id			= JRequest::getCmd( 'id' );

		$return		= JRequest::getCmd( 'return', 'user' );

		$activechild= JRequest::getCmd( 'activechild', '' );

		$my			= JFactory::getUser($id);

		$url		= JRoute::_('index.php?option=com_easyblog&view=dashboard&layout=profile' , false );

		$type		= JRequest::getWord( 'type' );

		$config		= EasyBlogHelper::getConfig();



		if( $my->id == 0 )

		{

			$mainframe->enqueueMessage( JText::_('COM_EASYBLOG_OAUTH_INVALID_USER') , 'error');

			$this->setRedirect( $return );

		}



		$oauth		= EasyBlogHelper::getTable( 'OAuth' , 'Table' );

		$oauth->loadByUser( $my->id , $type );



		// Revoke the access through the respective client first.

		$callback	= trim(JURI::base(), "/").JRoute::_( '/index.php?option=com_easyblog&c=oauth&task=grant&type=' . $type . '&return=' . $return . '&activechild=' . $activechild . '&id=' . $id , false , true );

		$key		= $config->get( 'integrations_' . $type . '_api_key' );

		$secret		= $config->get( 'integrations_' . $type . '_secret_key' );

		$consumer	= EasyBlogOauthHelper::getConsumer( $type , $key , $secret , $callback );

		$consumer->setAccess( $oauth->access_token );



		switch($return)

		{

			case 'settings':

				$redirect = JRoute::_('index.php?option=com_easyblog&view=settings&active=social&activechild='.$activechild , false );

				break;

			case 'user':

			default:

				$redirect = JRoute::_('index.php?option=com_easyblog&c=user&id='.$id.'&task=edit' , false );

				break;

		}



		// @task: Only show errors when the user is really authenticated with the respective provider.

		if( !$consumer->revokeApp() && !empty( $oauth->access_token) )

		{

			$mainframe->enqueueMessage( JText::_('There was an error when trying to revoke your app.') , 'error');

			$this->setRedirect( $redirect );

			return;

		}

		$oauth->delete();



		$mainframe->enqueueMessage( JText::_('Application revoked successfully.') );

		$this->setRedirect( $redirect );

	}

}






Thanks and sorry for the inconvenience for not to have the access data
Hello Zeosing,

Hm, it is very difficult for us to keep track of what Facebook has changed overtime because their API is changed very frequently Is there any way to get your client to update to the latest version?
Mark
·
Saturday, 27 May 2017 01:38
·
0 Likes
·
0 Votes
·
0 Comments
·
Hi Mark of course we update their software this summer, but meantime this feature doesn´t work, I know FB change the API very frequently, but if you can help a bit with this would be great. Thanks
Zeosing
·
Saturday, 27 May 2017 01:42
·
0 Likes
·
0 Votes
·
0 Comments
·
I actually need the access to their site to see what errors are Facebook generating and work from there
Mark
·
Saturday, 27 May 2017 01:48
·
0 Likes
·
0 Votes
·
0 Comments
·
Hi, Mark we Update the first post with the data, thanks for the help
Zeosing
·
Monday, 29 May 2017 17:05
·
0 Likes
·
0 Votes
·
0 Comments
·
It seems like I hitting this following warning when i trying to login from backend.

Warning
¡Acceso denegado! Su cuenta está bloqueada o aún no ha sido activada.


By the way, is it can assign your current domain to your license to obtain for support? You can do so by accessing your license area at http://stackideas.com/dashboard .

Also is it can provide us with your Facebook user account access as well, in case we need to test re-authenticate with your Facebook account.
Arlex Wong
·
Monday, 29 May 2017 18:04
·
0 Likes
·
0 Votes
·
0 Comments
·
Upps!, solved, try now
Zeosing
·
Monday, 29 May 2017 18:16
·
0 Likes
·
0 Votes
·
0 Comments
·
It okay Zeosing

I've checked this from last night on your site, it seems like there much different code which compare with 3.x to 5.1.x , that is actually quite difficult for us to only solve this part of Facebook autopost, because the Oauth table structure and Facebook API already different which followed their requirement.

May i know do you have consider to upgrade to Easyblog 5.1 latest version?
Arlex Wong
·
Tuesday, 30 May 2017 09:48
·
0 Likes
·
0 Votes
·
0 Comments
·
Like I said in my previous post, there is a update Scheduled this summer, but we can´t keep the client with this problem till August.
Zeosing
·
Tuesday, 30 May 2017 11:55
·
0 Likes
·
0 Votes
·
0 Comments
·
I've applied some fix in these following files and added one of the new columns in your database under this table #__easyblog_oauth.

JoomlaFolder/components/com_easyblog/classes/facebook/helper.php
JoomlaFolder/administrator/components/com_easyblog/controllers/autoposting.php
JoomlaFolder/administrator/components/com_easyblog/tables/oauth.php



ALTER TABLE #__easyblog_oauth` ADD expires` datetime DEFAULT NULL;


Can you try click "Revoke access" link from your backend > Easyblog > autopost > facebook then sign in via Facebook again, and see how it gow.
Arlex Wong
·
Tuesday, 30 May 2017 14:05
·
0 Likes
·
0 Votes
·
0 Comments
·
Hi Alex, works like a charm, perfect, hope this the last problem until update the site client in August.

Thanks again.
Zeosing
·
Tuesday, 30 May 2017 17:01
·
0 Likes
·
0 Votes
·
0 Comments
·
You are most welcome. Glad to hear that your issue has been resolved now.

As a gentle reminder, kindly start a new thread if you have any other issue in the future so it will be easier for us to manage your inquiry. I will lock and mark this thread as resolved.
Arlex Wong
·
Tuesday, 30 May 2017 18:02
·
0 Likes
·
0 Votes
·
0 Comments
·
View Full Post