[PHP]Error 401 Token invalid while using google api oauth access token

After getting acces token I'开发者_C百科d like to use it to read protected data (e.g. contacts). But as a response to the request I'm getting

Token invalid - Invalid AuthSub token.

Error 401

I compared parameters that I am sending to those from OAuth Playground and there is no difference between them (except timestamp, nonce and signature which is understanding).

My headers looks like this:

Content-Type: application/atom+xml

Authorization: OAuth oauth_parameters

Any ideas what could go wrong?

I wasn't setting the SESSION properly, so I was actually using my request token with the secret instead of my access token :P

    if(empty($_GET["oauth_token"])) { 
    $_SESSION["token_secret"] = $oauthTokenSecret;
    $_SESSION["oauth_token"] = $oauth_token;

    echo '<script>window.location="'.$auth_url.'";</script>';
}
else {

    $oauth_token->key = urldecode($_GET["oauth_token"]);
    $oauth_token->secret = $_SESSION["token_secret"];

    echo "<Br>";
    echo "<Br> FIRST OAUTH TOKEN: ";
    echo $oauth_token->key;

    echo "<Br>";
    echo "<Br> FIRST OAUTH TOKEN SECRET: ";
    echo $oauth_token->secret;

    print_r($_SESSION);
    echo "<Br>";
    echo "<Br>";

    // GET https://www.google.com/accounts/OAuthGetAccessToken
    $req = OAuthRequest::from_consumer_and_token($consumer, $oauth_token, 'GET',
        $token_endpoint.'OAuthGetAccessToken', array('oauth_verifier' => $_GET['oauth_verifier']));

    $req->sign_request($sig_method, $consumer, $oauth_token, $privKey);

    print_r($req); 

    $response = send_signed_request('GET', $token_endpoint.'OAuthGetAccessToken', array($req->to_header()));

@Rafal - I would make sure that you have acquired 2 separate tokens (one for the initial request and then one for access). Another thing to take note of is it's important that you rebuild the new signature with the new token/secret because it was return "Invalid signature" if you keep it the same.

Since there is a necessary redirection during this process you must keep the initial token secret in a SESSION variable. The oauth_token will be returned in the URL after the user is returned to your app, but the token secret will not. You must store it in a variable you can access after the round-trip is complete.

If you wish to store the entire oauth_token object in a session make sure you instantiate the object BEFORE your "session_start()"

$oauth_token = new OAuthToken($oauthToken, $oauthTokenSecret);

session_start();

Otherwise, you will receive a "incomplete object" warning when you reprint the token received from SESSION. I've spent a long time on this project, and have become deeply involved with OAuth. Please feel free to ask me any questions, Rafal.