I think the main thing that is missing in your code is that you must use an authorization code to get a real access_token by calling the token service (see step 2 in my code). This means that you will have two curl requests. For more information, see Document: https://developers.google.com/accounts/docs/OAuth2WebServer?hl=de#handlingtheresponse
In addition, you need to create (if already done) the project https://code.google.com/apis/console/ to create the Client ID and Client secret for Authorized Access to the API. This is in addition to the developer key .
With some additional error checking, I prepared the following code and successfully tested it. I assume the script is accessible via URL
http:
:
<?php $developer_key='<!---hidden---!>'; $client_id= '<!---hidden---!>'; $client_secret='<!---hidden---!>'; // error checking; user might have denied access if (isset($_GET['error'])) { if ($_GET['error'] == 'access_denied') { echo('You have denied access. Click <a href="'. $_SERVER["SCRIPT_NAME"] .'">here</a> to retry…'); } else { echo("An error has occurred: ". $_GET['error']); } exit; } // Step 1: redirect to google account login if necessary if(!isset($_GET['code']) || $_GET['code'] === '') { Header('Location: https://accounts.google.com/o/oauth2/auth?client_id='. $client_id . '&redirect_uri=http%3A%2F%2Flocalhost%2Fyoutube.php' . '&scope=https://gdata.youtube.com&response_type=code&access_type=offline', true, 307); exit; } $authorization_code= $_GET['code']; // Step 2: use authorization code to get access token $url = "https://accounts.google.com/o/oauth2/token"; $message_post= 'code='. $authorization_code . '&client_id='. $client_id . '&client_secret='. $client_secret . '&redirect_uri=http://localhost/youtube.php' . '&grant_type=authorization_code'; $ch = curl_init($url); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, $message_post); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); $result = curl_exec($ch); if ($cur_error= curl_error($ch)) { echo($cur_error); curl_close($ch); exit; } curl_close($ch); $jsonArray= json_decode($result, true); if ($jsonArray === null) { echo("Could not decode JSON."); exit; } if (isset($jsonArray['error'])) { echo("An error has occurred: ". $jsonArray['error']); exit; } if (!isset($jsonArray['access_token'])) { echo("Access token not found."); exit; } // Step 3: using access_token for youtube api call $message="Just Some Comment..."; $access_token= $jsonArray['access_token']; $video_id="I3LMKhu2-vo"; $message_xml='<?xml version="1.0" encoding="UTF-8"?> <entry xmlns="http://www.w3.org/2005/Atom" xmlns:yt="http://gdata.youtube.com/schemas/2007"> <content>' . $message . '</content> </entry>'; $url = "https://gdata.youtube.com/feeds/api/videos/" . $video_id . "/comments"; $header = array('Content-Type: application/atom+xml', 'Content-Length: ' . strlen($message_xml), 'Authorization: Bearer "' . $access_token . '"', 'GData-Version: 2.1', 'X-GData-Key: key=' . $developer_key); $ch = curl_init($url); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_HTTPHEADER, $header); curl_setopt($ch, CURLOPT_POSTFIELDS, $message_xml); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); $result = curl_exec($ch); echo curl_error($ch); curl_close($ch); echo "DONE! Token:" . $access_token . "<br />\n"; var_dump($result); ?>
Please note that a user logging into their google account and on whose behalf a comment must be sent must have a linked YouTube account (one google account is not enough). In addition, he must post at least one comment on YouTube. Otherwise, he will see an error, such as "youtube_signup_required" or "NoLinkedYouTubeAccount".
And I switched to API 2.1 (GData-Version) as it is later and offers better functionality and error reporting in case of unrelated google accounts.