HybridAuth with Google provider randomly returns invalid_request on authentication

We use Google OAuth2 to authenticate our users in the internal application using HybridAuth 2.4.0, and it went well until about a week ago when we started seeing more and more random "invalid_request" answers from https://accounts.google.com/o/oauth2/token.

When I say "random", today it is more like this: it doesn't work, then it works systematically for about one minute (multiple authentications in a row will be successful), then it stops working again (that is, the answer is "invalid_request").

We tried to upgrade to the latest version of HybridAuth (2.8.0 and now 2.8.1), but this did not fix the problem.

We also checked the server time (it is synchronized by NTP and good), and tried creating a new Google API secret and a new Google API project, without any luck.

We believe this is an environment / server issue since we have a local DEV environment where OAuth2 authentication works all the time. In addition, when using the Google API playground and accessing https://accounts.google.com/o/oauth2/token using the same payload as the PROD server, this works: we get an access_token.

Some HybridAuth debug logs:

2016-12-06T13:34:56+00:00 -- Endpoint: call adapter [Google] loginFinish()
2016-12-06T13:34:56+00:00 -- Enter OAuth2Client::request( https://accounts.google.com/o/oauth2/token )
2016-12-06T13:34:56+00:00 -- OAuth2Client::request(). dump request params:  -- a:5:{s:9:"client_id";s:72:"[obfuscated].apps.googleusercontent.com";s:13:"client_secret";s:24:"[obfuscated]";s:10:"grant_type";s:18:"authorization_code";s:12:"redirect_uri";s:55:"https://[obfuscated]/endpoint?hauth.done=Google";s:4:"code";s:45:"[obfuscated]";}
2016-12-06T13:34:58+00:00 -- OAuth2Client::request(). dump request info:  -- a:26:{s:3:"url";s:42:"https://accounts.google.com/o/oauth2/token";s:12:"content_type";s:31:"application/json; charset=utf-8";s:9:"http_code";i:400;s:11:"header_size";i:428;s:12:"request_size";i:318;s:8:"filetime";i:-1;s:17:"ssl_verify_result";i:0;s:14:"redirect_count";i:0;s:10:"total_time";d:2.5824850000000001;s:15:"namelookup_time";d:2.0000000000000002E-5;s:12:"connect_time";d:0.14088800000000001;s:16:"pretransfer_time";d:0.426647;s:11:"size_upload";d:753;s:13:"size_download";d:33;s:14:"speed_download";d:12;s:12:"speed_upload";d:291;s:23:"download_content_length";d:-1;s:21:"upload_content_length";d:753;s:18:"starttransfer_time";d:2.427991;s:13:"redirect_time";d:0;s:12:"redirect_url";s:0:"";s:10:"primary_ip";s:14:"[obfuscated]";s:8:"certinfo";a:0:{}s:12:"primary_port";i:443;s:8:"local_ip";s:11:"[obfuscated]";s:10:"local_port";i:35617;}
2016-12-06T13:34:58+00:00 -- OAuth2Client::request(). dump request result:  -- s:33:"{
  "error" : "invalid_request"
}";

Any clue on what direction to take for further investigation would be greatly appreciated :)

+4

. , Hybridauth POSTFIELDS

curl_setopt($ch, CURLOPT_POSTFIELDS, array( 
    'code='. urlencode($code),
    'client_id=' . urlencode($clientID),
    'client_secret=' . urlencode($clientSecret),
    'redirect_uri=http%3A%2F%2Flocalhost%2Fexperiments%2FnewGALogin.php',
    'grant_type=authorization_code'
)); 

, Content-Type multipart/form-data, OAuth 2.0, . (, http_build_query), Content-Type: application/x-www-form-urlencoded, .

. "" : http://php.net/manual/en/function.curl-setopt.php

, :

curl_setopt($ch, CURLOPT_POSTFIELDS,
    'code=' . urlencode($code) . '&' .
    'client_id=' . urlencode($clientID) . '&' .
    'client_secret=' . urlencode($clientSecret) . '&' .
    'redirect_uri=http%3A%2F%2Flocalhost%2Fexperiments%2FnewGALogin.php' . '&' .
    'grant_type=authorization_code' 
); 


+6

@Adzzz ( ). hybridAuth...

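//file hybridauth/hybridauth/Hybrid/thirdparty/OAuth/OAuth2Client.php line 234
if( $type == "POST" ){
  curl_setopt($ch, CURLOPT_POST, 1);
  $paramsString="";
  if($params){
    foreach($params as $k=>$v){
        // URL-encode keys and values so that characters such as & = ? /
        // in redirect_uri or code cannot corrupt the form body
        $paramsString.=urlencode($k)."=";
        $paramsString.=urlencode($v)."&";
    }
    // a string (not an array) makes cURL send application/x-www-form-urlencoded
    curl_setopt( $ch, CURLOPT_POSTFIELDS, rtrim($paramsString, "&") );
  }
  //original code curl_setopt( $ch, CURLOPT_POSTFIELDS, $params );
}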
+1
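
A check on the debug log from the question, added here as an example (it is not code from the posts above or from HybridAuth): PHP's cURL binding sends multipart/form-data when CURLOPT_POSTFIELDS is an array and application/x-www-form-urlencoded when it is a string, and the logged size_upload is enough to tell which one went out even though the values are obfuscated. The function names and the 40-character boundary length (24 dashes plus 16 hex digits, as libcurl generated at the time) are assumptions.

```python
import re

# Copied from the question's log; only the declared PHP lengths (s:N) are used,
# because the values themselves are obfuscated there.
PARAMS_DUMP = (
    'a:5:{s:9:"client_id";s:72:"[obfuscated].apps.googleusercontent.com";'
    's:13:"client_secret";s:24:"[obfuscated]";s:10:"grant_type";'
    's:18:"authorization_code";s:12:"redirect_uri";'
    's:55:"https://[obfuscated]/endpoint?hauth.done=Google";'
    's:4:"code";s:45:"[obfuscated]";}'
)
INFO_DUMP = 's:11:"size_upload";d:753;s:13:"size_download";d:33;'  # excerpt of the log

def field_lengths(dump):
    """Return [(name, declared value length)] from a PHP-serialized string map."""
    pairs = re.findall(r's:\d+:"([^"]*)";s:(\d+):"', dump)
    return [(name, int(n)) for name, n in pairs]

def multipart_size(fields, boundary_len=40):
    """Exact body size when cURL encodes plain fields as multipart/form-data."""
    total = 0
    for name, vlen in fields:
        total += 2 + boundary_len + 2        # "--" + boundary + CRLF
        total += len('Content-Disposition: form-data; name=""') + len(name) + 2
        total += 2 + vlen + 2                # blank line, value, CRLF
    return total + 2 + boundary_len + 2 + 2  # closing "--" + boundary + "--" + CRLF

def classify_upload(params_dump, info_dump, boundary_len=40):
    """Infer the request Content-Type from the logged upload size."""
    fields = field_lengths(params_dump)
    m = re.search(r's:11:"size_upload";d:(\d+)', info_dump)
    if not fields or not m:
        return "unknown"
    sent = int(m.group(1))
    seps = len(fields) - 1                   # "&" between pairs
    # A urlencoded body is at least the raw size; percent-encoding can at most
    # triple every value byte.
    raw = sum(len(n) + 1 + v for n, v in fields) + seps
    worst = sum(len(n) + 1 + 3 * v for n, v in fields) + seps
    if sent == multipart_size(fields, boundary_len):
        return "multipart/form-data"
    if raw <= sent <= worst:
        return "application/x-www-form-urlencoded"
    return "unknown"

if __name__ == "__main__":
    print(multipart_size(field_lengths(PARAMS_DUMP)), classify_upload(PARAMS_DUMP, INFO_DUMP))
```

For the logged request, the five fields can occupy at most 699 bytes as a urlencoded string, while the multipart framing comes to exactly the 753 bytes that cURL reported uploading.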

Source: https://habr.com/ru/post/1662983/

