Mautic API requires $_SESSION running in order to generate tokens

tasselhof · April 3, 2016, 5:55pm

If you check my posts, you will realise, that I was facing very weird issues with Mautic API. Now I know hw I fixed all things, but lets begin soewhere. You all know the usual code to obtain the access token if you are using Mautic API:

Code:

$settings = array( 'baseUrl' => '', // Base URL of the Mautic instance 'version' => 'OAuth2' // Version of the OAuth can be OAuth2 or OAuth1a. OAuth2 is the default value. 'clientKey' => '', // Client/Consumer key from Mautic 'clientSecret' => '', // Client/Consumer secret key from Mautic 'callback' => '' // Redirect URI/Callback URI for this script ); $auth = ApiAuth::initiate($settings);

if ($auth->validateAccessToken()) {
//…

But, In my case the line $auth->validateAccessToken() was always throwing false to me no matter how dark magic was I using

I was digging deep down in the API code to find out how the token is generated and on line 637 of OAuth.php I found this line:

Code:

$authUrl .= '?oauth_token='.$_SESSION['oauth']['token'];

So I tried to start the session:

Code:

session_name("tasselhof"); session_start(); $auth = ApiAuth::initiate($settings);

if ($auth->validateAccessToken()) {
//…

And, starting a session fixed all my problems

Therefore, I think I found a bug in mautic API, because I believe this should be done by API itself, so that the API has to programatically make sure that session is started before using $_SESSION variable

Should I start also github issue or is this enough information to provide a fix?

tasselhof · April 3, 2016, 5:55pm

If you check my posts, you will realise, that I was facing very weird issues with Mautic API. Now I know hw I fixed all things, but lets begin soewhere. You all know the usual code to obtain the access token if you are using Mautic API:

$settings = array(
    'baseUrl'          => '',       // Base URL of the Mautic instance
    'version'          => 'OAuth2'  // Version of the OAuth can be OAuth2 or OAuth1a. OAuth2 is the default value.
    'clientKey'        => '',       // Client/Consumer key from Mautic
    'clientSecret'     => '',       // Client/Consumer secret key from Mautic
    'callback'         => ''        // Redirect URI/Callback URI for this script
);
$auth = ApiAuth::initiate($settings);

if ($auth->validateAccessToken()) {
//...

But, In my case the line $auth->validateAccessToken() was always throwing false to me no matter how dark magic was I using

I was digging deep down in the API code to find out how the token is generated and on line 637 of OAuth.php I found this line:

 $authUrl .= '?oauth_token='.$_SESSION['oauth']['token'];

So I tried to start the session:

session_name("tasselhof");
session_start();
$auth = ApiAuth::initiate($settings);



if ($auth->validateAccessToken()) {
//...

And, starting a session fixed all my problems

Therefore, I think I found a bug in mautic API, because I believe this should be done by API itself, so that the API has to programatically make sure that session is started before using $_SESSION variable

Should I start also github issue or is this enough information to provide a fix?

Topic		Replies	Views
Mautic API OAuth Product Support	4	442	May 1, 2016
Newbie authentication issue Product Support	6	828	February 2, 2020
oAuth 2.0 API authorization Product Support	20	4683	February 2, 2020
Cannot get API Token with api-library Product Support	3	361	August 26, 2016
oAuth 1a Development	5	398	February 2, 2020

Mautic API requires $_SESSION running in order to generate tokens

Related topics