Solved: Authenticate with PHP - Constant Contact Community

HelpingHandsAct · ‎08-25-2023

Hi,

I need to write a PHP script to create a contact but first I have to authenticate. I'm having trouble and could use some help. This is for a server script, when an event happens, we need to create a contact so there'll be no user around to handle a pop up to grant permission. I set up a new app in the dev portal and set the flow to device.

I wrote this function to get a device id:

unction getAuthRequest($client_id) {
    $curl = curl_init();

    curl_setopt_array($curl, array(
        CURLOPT_URL => 'https://authz.constantcontact.com/oauth2/default/v1/device/authorize',
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_ENCODING => '',
        CURLOPT_MAXREDIRS => 10,
        CURLOPT_TIMEOUT => 0,
        CURLOPT_FOLLOWLOCATION => true,
        CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
        CURLOPT_CUSTOMREQUEST => 'POST',
        CURLOPT_POSTFIELDS => 'client_id=' . urlencode($client_id) . '&scope=openid',
        CURLOPT_HTTPHEADER => array(
            'Content-Type: application/x-www-form-urlencoded',
            'Accept: application/json'
        ),
    ));

    $response = curl_exec($curl);
    curl_close($curl);
    $decodedResponse = json_decode($response, true);

    // Check if device_code exists in the response
    if (isset($decodedResponse['device_code'])) {
        return $decodedResponse['device_code'];
    } else {
        return null; // Or return some error message or handle this scenario as per your need.
    }
}

Then I wrote this function to get an auth token;

function getRequestToken($client_id, $device_code) {
    $curl = curl_init();

    curl_setopt_array($curl, array(
        CURLOPT_URL => 'https://authz.constantcontact.com/oauth2/default/v1/token',
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_ENCODING => '',
        CURLOPT_MAXREDIRS => 10,
        CURLOPT_TIMEOUT => 0,
        CURLOPT_FOLLOWLOCATION => true,
        CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
        CURLOPT_CUSTOMREQUEST => 'POST',
        CURLOPT_POSTFIELDS => 'client_id=' . $client_id . '&device_code=' . $device_code . '&grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Adevice_code',
        CURLOPT_HTTPHEADER => array(
            'Content-Type: application/x-www-form-urlencoded'
        ),
    ));

    $response = curl_exec($curl);
    curl_close($curl);

    return $response;
}

I had a previous bug and it might have run correctly but now it says that there is a pending, please try again later.

I don't know if I am doing this right, did I select the proper OAuth2 flow, I don't know my approach in code is right either.  And what do I do about the device authorization is pending?.

Any help is appreciated.
Thanks,
Brian

John__B · ‎08-28-2023

Hello Brian,

Thank you for reaching out to Constant Contact API Developer Support. My team is here to assist outside software developers with questions about building into Constant Contact's API.

The “authorization_pending” response you encountered would indicate that the user has not yet authorized the application device using the verification_uri but that the device_code has not yet expired. In order for the token request to be successful, the device must first be authorized through the verification_uri returned in the response of the initial authorization request.

All of our available authorization flows require the use of a browser window for a user to grant access to an application/integration on their Constant Contact account, however, you should only need to do this once as after this has been done, the application can maintain account access through the use of refresh tokens.

Please have a look and let us know if you have any other questions!

Regards,

John B.
API Support Specialist
Did I answer your question? If so, please mark my post as an "Accepted Solution" by clicking the Accept as Solution button in the bottom right hand corner of this post.

View solution in original post

John__B · ‎08-28-2023

Hello Brian,

Thank you for reaching out to Constant Contact API Developer Support. My team is here to assist outside software developers with questions about building into Constant Contact's API.

The “authorization_pending” response you encountered would indicate that the user has not yet authorized the application device using the verification_uri but that the device_code has not yet expired. In order for the token request to be successful, the device must first be authorized through the verification_uri returned in the response of the initial authorization request.

All of our available authorization flows require the use of a browser window for a user to grant access to an application/integration on their Constant Contact account, however, you should only need to do this once as after this has been done, the application can maintain account access through the use of refresh tokens.

Please have a look and let us know if you have any other questions!

Regards,

John B.
API Support Specialist
Did I answer your question? If so, please mark my post as an "Accepted Solution" by clicking the Accept as Solution button in the bottom right hand corner of this post.

RobertM42 · ‎09-10-2023

I am having similar issues. I need my application to be able to get access and make changes to contacts etc. using php cURL requests- No "user" etc. Here is something I saw on the internet about OAuth2 that seems like the answer? Does CC support this?

============

Application access

In some cases, applications may need an access token to act on behalf of themselves rather than a user. For example, the service may provide a way for the application to update their own information such as their website URL or icon, or they may wish to get statistics about the users of the app. In this case, applications need a way to get an access token for their own account, outside the context of any specific user. OAuth provides the client_credentials grant type for this purpose.

To use the client credentials grant type, make a POST request like the following:

POST https://api.authorization-server.com/token
    grant_type=client_credentials&
    client_id=CLIENT_ID&
    client_secret=CLIENT_SECRET

The response will include an access token in the same format as the other grant types.

Thanks for any help.

John__B · ‎09-13-2023

Hello RobertM42,

Thank you for reaching out to Constant Contact API Developer Support. My team is here to assist outside software developers with questions about building into Constant Contact's API.

Constant Contact does not currently support the client credentials OAuth2 flow, however, we appreciate your feedback with this use case. Your feedback and experience with this request is essential to improving our product, so thank you for reaching out to us regarding this matter.

Each of our current OAuth2 authorization flows requires the use of a browser window to grant access to an application on a Constant Contact account, however, you should only need to do this once as after this step is completed your application can maintain account access to make future required changes by utilizing refresh tokens to obtain a new token set once the access token expires. Below I’m including our device flow documentation step on refreshing the access token. You can disregard the “Authentication” section in this step which states that a Client Secret is required. The device authorization flow does not use the Client Secret and this section has been reported to our engineering team for a correction.

Step 8: Refresh the Access Token:

https://developer.constantcontact.com/api_guide/device_flow.html#step-8-refresh-the-access-token

Please have a look and let us know if you have any other questions!

Regards,

John B.
API Support Specialist
Did I answer your question? If so, please mark my post as an "Accepted Solution" by clicking the Accept as Solution button in the bottom right hand corner of this post.

Authenticate with PHP

Application access

Developer Portal

API Updates