I’ve been using PHP to interact with the Patreon API for a while now; however, my scripts appear to have stopped working as of yesterday(-ish).
Upon investigating, I noticed that a newer version of the project had been committed (going from version 1.0 to 2.0). However, updating didn’t solve the issue.
I dug into it a bit and I’ve noticed that I’m no longer getting a token reply. I investigated the curl calls being executed by OAuth.php, and the response consists of an HTML block which says:
"One more step
Please complete the security check to access api.patreon.com"
I’m not sure what to make of it, since I’d expect the API to return some sort of JSON block if there was a problem.
Could this be a hiccup with the updated API itself or am I simply missing something? I’m still learning my way through here, so it might just be me. The relevant section of code after returning from the Patreon Login page with the appropriate single-use code is effectively the same as the example on the documentation:
$client_id = 'x';
$client_secret = 'y';
$creator_id = 'z';
$redirect_uri = "a";
//(All substituted by their appropriate values, of course)
$oauth_client = new Patreon\OAuth($client_id, $client_secret);
$tokens = $oauth_client->get_tokens($_GET['code'], $redirect_uri);
$access_token = $tokens['access_token'];
$refresh_token = $tokens['refresh_token'];
Both tokens return NULL, and following the get_tokens() function leads to the aforementioned HTML.
This is most likely an issue with Cloudflare’s bot detection. If you’re able to give us more information we should be able to work to make sure it won’t happen again.
We don’t have those kinds of restrictions and I’m very certain “Please complete the security check to access” comes from Cloudflare.
Any additional information you have will help us make this issue a thing of the past both for you and other API consumers.
In similar cases one can also easily suspect server-level interference from things like mod_security filtering and modifying URLs, redirects, and POST & GET operations. I encountered such a situation with a user who had his WP website at Bluehost. They seem to have a rather over-configured mod_security that filters many things, even the OAuth redirect that comes back to WP after authorization at Patreon.
Hey guys, sorry to bring this up again but I’ve got more info:
- The problem came back last night, same issue.
- My host is Hostgator. I contacted their support team to look into the mod_security points from above, but the technician didn’t find any violations coming from my site in their security logs.
Is there any other information I could provide that would help? I checked the curl_exec($ch) response in OAuth.php and I’m pretty sure that the text is the generic Cloudflare protection text as Lira suggested; that “Please enable cookies” that’s included with it seems kind of suspect though. Could that be related? Possibly some setting I need to flip on my end?
Bumping this as I have the issue too. Your API is using Cloudflare protection which is actually returning a captcha instead of JSON data (which breaks all your parsing code). I really don’t understand why you’re using a captcha on an API instead of some other method of rate control. As I assume my server’s IP is somehow blacklisted by Cloudflare, how am I supposed to access the API? (Which was working fine until 2 weeks ago.)
I’m seeing the same things on my end (about the captcha, when the curl_exec occurs)… Would be great to have an update from the Patreon devs or if someone finds a trick…
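The thread describes get_tokens() yielding NULL tokens because the reply was an HTML interstitial rather than JSON. The following is an added example, not part of any post above and not code from the Patreon library: it classifies a token-endpoint reply before it is parsed, so the failure surfaces as a clear error. The function name parse_token_response() and all sample responses (including their status codes) are constructed for illustration.

```php
<?php
// Added example: classify a token-endpoint response before trusting it.
// parse_token_response() is a hypothetical helper; the samples below are constructed.

function parse_token_response(int $status, string $contentType, string $body): array
{
    // A challenge or block page is HTML, so reject anything that is not JSON.
    if (stripos($contentType, 'application/json') !== 0) {
        // Marker strings are the ones quoted in this thread.
        $markers = ['complete the security check', 'Please enable cookies'];
        foreach ($markers as $marker) {
            if (stripos($body, $marker) !== false) {
                throw new RuntimeException(
                    "HTTP $status: interstitial page instead of JSON (matched \"$marker\")"
                );
            }
        }
        throw new RuntimeException("HTTP $status: unexpected content type \"$contentType\"");
    }

    $data = json_decode($body, true);
    if (!is_array($data)) {
        throw new RuntimeException("HTTP $status: body is not a JSON object");
    }
    if ($status !== 200 || !isset($data['access_token'], $data['refresh_token'])) {
        // Report the keys only, never token values.
        throw new RuntimeException(
            "HTTP $status: no tokens in reply, keys: " . implode(',', array_keys($data))
        );
    }
    return $data;
}

// Constructed samples: [status, Content-Type, body].
$samples = [
    'challenge'  => [403, 'text/html; charset=UTF-8',
        '<html><h1>One more step</h1><p>Please complete the security check to access api.patreon.com</p></html>'],
    'json error' => [401, 'application/json', '{"error":"invalid_grant"}'],
    'tokens'     => [200, 'application/json', '{"access_token":"AAA","refresh_token":"BBB"}'],
];

foreach ($samples as $name => [$status, $type, $body]) {
    try {
        $tokens = parse_token_response($status, $type, $body);
        echo "$name: ok, got " . implode(',', array_keys($tokens)) . PHP_EOL;
    } catch (RuntimeException $e) {
        echo "$name: " . $e->getMessage() . PHP_EOL;
    }
}
```

With a live cURL handle, the status and content type come from curl_getinfo($ch, CURLINFO_HTTP_CODE) and curl_getinfo($ch, CURLINFO_CONTENT_TYPE) after curl_exec($ch).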