Description
I'm trying to get an API client to authenticate following your instructions but keep running into issues. I think it may have something to do with a present RefreshToken. I know you've mentioned that this isn't how the RFC defines the appropriate process here, but I'm wondering if my issue is different.
I'm trying to consume an API with what I assume is ClientCredentials using a RefreshToken. I can get a proper Access Token using cURL like so:
```bash
curl -X POST https://domain.com/API/Login/oauth2 \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -H 'Authorization: Bearer XXXRefreshTokenXXX' \
  -d "grant_type=client_credentials&client_id=ClientTest&client_secret=ClientSecret&redirect_uri=https://domain.com/Auth/OAuth2"
```
Now when I try to recreate that using the Guzzle OAuth2 Subscriber library I can't get it to authenticate. I keep getting a 500 error. The code I'm using is this:
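```php
use GuzzleHttp\HandlerStack;
use kamermans\OAuth2\GrantType\ClientCredentials;
use kamermans\OAuth2\GrantType\RefreshToken;
use kamermans\OAuth2\OAuth2Middleware;

// Credentials and refresh token handed to both grant types
$reauth_config = [
    "client_id" => "ClientTest",
    "client_secret" => "ClientSecret",
    "refresh_token" => "XXXRefreshTokenXXX",
    'redirect_uri' => "https://domain.com/Auth/OAuth2",
];

// Client used only for the access_token request
$reauth_client = new GuzzleHttp\Client([
    // URL for access_token request
    'base_uri' => "https://domain.com/API/Login/oauth2",
]);

$grant_type = new ClientCredentials($reauth_client, $reauth_config);
$refresh_grant_type = new RefreshToken($reauth_client, $reauth_config);
$oauth = new OAuth2Middleware($grant_type, $refresh_grant_type);
// $_token_storage is not defined in this snippet
$oauth->setTokenPersistence($_token_storage);

// Attach the OAuth2 middleware to the handler stack of the API client
$stack = HandlerStack::create();
$stack->push($oauth);

$client = new GuzzleHttp\Client([
    'handler' => $stack,
    'auth' => 'oauth',
]);

$response = $client->get("https://domain.com/API/Member?MemberType=I&DisplayStart=0&DisplayLength=100");
```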
From what I can tell it's not passing the Authorization Bearer along with the request. I've looked into the Signer portion of the library but I honestly can't suss out where to put that code. Is this just a matter of my noobness or something else?