"Unauthorized" with seemingly valid access token

codeformatting

#1

I’ve been struggling with this for days, looking for a little bit of help. I seem to be getting a valid token, but continue to get “unauthorized”:

REQUEST FOR TOKEN-

GuzzleHttp\Psr7\Request::__set_state(array(
   'method' => 'POST',
   'requestTarget' => NULL,
   'uri' => 
  GuzzleHttp\Psr7\Uri::__set_state(array(
     'scheme' => 'https',
     'userInfo' => '',
     'host' => 'api.home.nest.com',
     'port' => NULL,
     'path' => '/oauth2/access_token',
     'query' => '',
     'fragment' => '',
  )),
   'headers' => 
  array (
    'Host' => 
    array (
      0 => 'api.home.nest.com',
    ),
    'content-type' => 
    array (
      0 => 'application/x-www-form-urlencoded',
    ),
  ),
   'headerNames' => 
  array (
    'content-type' => 'content-type',
    'host' => 'Host',
  ),
   'protocol' => '1.1',
   'stream' => 
  GuzzleHttp\Psr7\Stream::__set_state(array(
     'stream' => NULL,
     'size' => 200,
     'seekable' => true,
     'readable' => true,
     'writable' => true,
     'uri' => 'php://temp',
     'customMetadata' => 
    array (
    ),
  )),
))

TOKEN RECEIVED IN RESPONSE -

GuzzleHttp\Psr7\Response::__set_state(array(
   'reasonPhrase' => 'OK',
   'statusCode' => 200,
   'headers' => 
  array (
    'Content-Type' => 
    array (
      0 => 'application/json',
    ),
    'Content-Length' => 
    array (
      0 => '188',
    ),
    'Connection' => 
    array (
      0 => 'keep-alive',
    ),
  ),
   'headerNames' => 
  array (
    'content-type' => 'Content-Type',
    'content-length' => 'Content-Length',
    'connection' => 'Connection',
  ),
   'protocol' => '1.1',
   'stream' => 
  GuzzleHttp\Psr7\Stream::__set_state(array(
     'stream' => NULL,
     'size' => NULL,
     'seekable' => true,
     'readable' => true,
     'writable' => true,
     'uri' => 'php://temp',
     'customMetadata' => 
    array (
    ),
  )),
))

PARSED RESPONSE -

array (
  'access_token' => 'c.sDUM9yL37b3gIERAdT3ZHcH2GBmPGgDMMVlQJotFoUZybP6rQaaqe3oneY2rmnE552lwLd6C5jUHz9aM9HBpijAotlZEEzSng7DkRt7tuam1551HML5DRBEOC9pX7tMc3H6kL4dpgwU83Z4e',
  'expires_in' => 315360000,
)

TRYING AN API REQUEST USING TOKEN -

GuzzleHttp\Psr7\Request::__set_state(array(
   'method' => 'GET',
   'requestTarget' => NULL,
   'uri' => 
  GuzzleHttp\Psr7\Uri::__set_state(array(
     'scheme' => 'https',
     'userInfo' => '',
     'host' => 'developer-api.nest.com',
     'port' => NULL,
     'path' => '',
     'query' => '',
     'fragment' => '',
  )),
   'headers' => 
  array (
    'Host' => 
    array (
      0 => 'developer-api.nest.com',
    ),
    'Authorization' => 
    array (
      0 => 'Bearer c.sDUM9yL37b3gIERAdT3ZHcH2GBmPGgDMMVlQJotFoUZybP6rQaaqe3oneY2rmnE552lwLd6C5jUHz9aM9HBpijAotlZEEzSng7DkRt7tuam1551HML5DRBEOC9pX7tMc3H6kL4dpgwU83Z4e',
    ),
  ),
   'headerNames' => 
  array (
    'authorization' => 'Authorization',
    'host' => 'Host',
  ),
   'protocol' => '1.1',
   'stream' => 
  GuzzleHttp\Psr7\Stream::__set_state(array(
     'stream' => NULL,
     'size' => 0,
     'seekable' => true,
     'readable' => true,
     'writable' => true,
     'uri' => 'php://temp',
     'customMetadata' => 
    array (
    ),
  )),
))

RESPONSE IS ALWAYS UNAUTHORIZED -

GuzzleHttp\Psr7\Response::__set_state(array(
   'reasonPhrase' => 'Unauthorized',
   'statusCode' => 401,
   'headers' => 
  array (
    'Content-Type' => 
    array (
      0 => 'application/json; charset=UTF-8',
    ),
    'Access-Control-Allow-Origin' => 
    array (
      0 => '*',
    ),
    'Cache-Control' => 
    array (
      0 => 'private, no-cache, no-store, max-age=0',
    ),
    'Pragma' => 
    array (
      0 => 'no-cache',
    ),
    'Connection' => 
    array (
      0 => 'close',
    ),
    'Content-Length' => 
    array (
      0 => '181',
    ),
  ),
   'headerNames' => 
  array (
    'content-type' => 'Content-Type',
    'access-control-allow-origin' => 'Access-Control-Allow-Origin',
    'cache-control' => 'Cache-Control',
    'pragma' => 'Pragma',
    'connection' => 'Connection',
    'content-length' => 'Content-Length',
  ),
   'protocol' => '1.1',
   'stream' => 
  GuzzleHttp\Psr7\Stream::__set_state(array(
     'stream' => NULL,
     'size' => 181,
     'seekable' => true,
     'readable' => true,
     'writable' => true,
     'uri' => 'php://temp',
     'customMetadata' => 
    array (
    ),
  )),
))

PARSED RESPONSE -

array (
  'error' => 'unauthorized',
  'type' => 'https://developer.nest.com/documentation/cloud/error-messages#auth-error',
  'message' => 'unauthorized',
  'instance' => '112b5aea-e923-4cff-b87e-21c3ab34df0c',
)

#2

Update on this:

The access token works if provided on the URL as a parameter:

https://developer-api.nest.com?auth=C.sDUM9y

It continues to receive an “unauthorized” error if provided as an Authorization header via the PHP program, although it does work when supplied as an Authorization header via curl.


#3

I suspect that your PHP library is not passing the authorization header upon redirect. Similar to what is discussed here for python.