Forum Discussion

Natkinson
Genius
2 months ago

Error with OAuth 2.0 Client Credentials workflow

I'm trying to authenticate an API call in a TypeScript app using the OAuth 2.0 client credentials workflow and I'm running into issues, I believe, with generating the CC Hash for this. This is for Community Classic. I have verified that I have the correct client id, client secret and shared secret key and that they're being pulled in correctly in my code. Not sure what I'm missing, but this is the error I see when I try to authenticate:

{"error":"Authorization or API call failed","details":"Failed to obtain access token. Status: 403. Response: {\"status\":\"error\",\"message\":\"cc_hash is invalid.\",\"data\":{\"type\":\"error_data\",\"code\":214,\"developer_message\":\"The decryption failed. ccHash is Invalid\",\"more_info\":\"\"},\"metadata\":{}}"}

Here's the relevant part of my TypeScript code that's generating the CC Hash. Not sure if something is formatted incorrectly or what's not being generated correctly or causing it to return an invalid cc hash.

import * as crypto from "crypto";

// getEpochTimeMinute() and generateNonce() are helpers defined elsewhere in the app.
function generateCCHash(clientId: string, clientSecret: string, sharedSecretKey: string): string {
  try {
    const epochTimeMinute = getEpochTimeMinute();
    const nonce = generateNonce();

    // This string contains the client secret, so the log line below writes it to the console.
    const strToHash = `${clientId}:${clientSecret}:${nonce}:${epochTimeMinute}`;
    console.log("String to hash:", strToHash);

    // SHA-512 over the string, followed by the shared secret key.
    const hash = crypto.createHash('sha512');
    hash.update(strToHash, 'utf8');
    hash.update(sharedSecretKey, 'utf8');

    const hashResult = hash.digest('hex');
    console.log("Generated hash (cc_hash):", hashResult);

    return hashResult;
  } catch (error) {
    console.error("Error generating CC-Hash:", error);
    throw error;
  }
}

2 Replies

  • MattV
    Khoros Staff
    2 months ago

    One source of error is possibly the getEpochTimeMinute. Maybe it's generating an incorrect value, either because the system clock is wrong, or maybe you're getting seconds instead of minutes or something like that. What I use is Math.floor(Date.now() / 60000);

    Another potential source of error is making sure you're sending the correct hash algorithm name when you make the call ("SHA512").

  • Natkinson
    Genius
    2 months ago

    I am using that method for the epoch time and I am passing sha512 in the body when making the call. Maybe I have something incorrect in my headers or body?

    const res = await fetch(tokenUrl, {
      method: "POST",
      headers: {
        "Content-Type": "application/json",
        nonce: nonce,
      },
      body: JSON.stringify({
        client_id: clientId,
        client_secret: clientSecret,
        redirect_uri: redirectUri,
        grant_type: "client_credentials",
        cc_hash: ccHash,
        hash_algorithm: "sha512",
      }),
    });

    And just for reference, here are some example values of what my epoch time, nonce, and cc hash are generating as (these are old values from earlier this week so I should be fine posting them here). I have also double checked that my client id, client secret, and shared secret key are all correctly passed as well.

    epoch time in minutes: 28888867

    nonce: 6b6ba9ada7073749127d628bbdb5c7e4

    cc hash (using sha512): 7898dac2f7fb09297bda0f13235ee29596a091ff4a63193a023e3336435f5f5c28a3f5bfe6992ed29383b1cc2fe032876c56f84fb3c99b281595873438dd0a1b
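
An added example, not part of the thread and not Khoros code: it keeps the hash construction from the question but returns the nonce and epoch minute together with the hash, so the `nonce` header is the value that was hashed, and a local check names which input disagrees before the request goes out. The function names, the one-minute tolerance and the demo credentials are assumptions made for the illustration.

```typescript
import { createHash, randomBytes } from "crypto";

interface CcHashParts { nonce: string; epochMinute: number; ccHash: string; }
interface Creds { clientId: string; clientSecret: string; sharedSecretKey: string; }

// Constructed demo credentials (not real values).
const DEMO: Creds = { clientId: "demo-client", clientSecret: "demo-secret", sharedSecretKey: "demo-shared-key" };

// Same construction as the code in the question: SHA-512 over
// "clientId:clientSecret:nonce:epochMinute", then the shared secret key.
// Assumption: the thread does not confirm this is what the server expects.
function computeCcHash(c: Creds, nonce: string, epochMinute: number): string {
  const hash = createHash("sha512");
  hash.update(`${c.clientId}:${c.clientSecret}:${nonce}:${epochMinute}`, "utf8");
  hash.update(c.sharedSecretKey, "utf8");
  return hash.digest("hex");
}

// Generate the nonce and timestamp once and return them with the hash, so the
// caller puts this exact nonce in the request header.
function buildCcHashParts(c: Creds, nowMs: number = Date.now()): CcHashParts {
  const nonce = randomBytes(16).toString("hex");
  const epochMinute = Math.floor(nowMs / 60000); // minutes, not seconds or ms
  return { nonce, epochMinute, ccHash: computeCcHash(c, nonce, epochMinute) };
}

// Pre-flight check on the values about to be sent; returns the list of problems.
// The one-minute tolerance is an assumption for this sketch.
function diagnose(c: Creds, parts: CcHashParts, headerNonce: string, nowMs: number = Date.now()): string[] {
  const problems: string[] = [];
  if (headerNonce !== parts.nonce) problems.push("nonce header differs from the hashed nonce");
  if (Math.abs(Math.floor(nowMs / 60000) - parts.epochMinute) > 1) {
    problems.push("epoch value is stale or not expressed in minutes");
  }
  if (computeCcHash(c, headerNonce, parts.epochMinute) !== parts.ccHash) {
    problems.push("cc_hash does not match the values being sent");
  }
  return problems;
}

// Log only non-secret fields; the string that is hashed contains the client secret.
const parts = buildCcHashParts(DEMO);
console.log({ nonce: parts.nonce, epochMinute: parts.epochMinute, problems: diagnose(DEMO, parts, parts.nonce) });
```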