Forum Discussion

vishwajeet_hol's avatar
vishwajeet_hol
Expert
10 years ago

Oauth 2.0 : facing issue to get authorization code

Hi,   I am trying to implement Oauth 2.0 authorization. I am not familier with it. I have referred below link on lithosphere : http://community.lithium.com/t5/Community-API-v2/OAuth-2-0-authoriza...
shravani's avatar
shravani
Guide
9 years ago

What are the appropriate permissions required?

I am getting the following response

{
"status": "Unauthorized",
"message": "client-id header or client_id query parameter is not authorized. Set your header to the value of your clientId or URL encode it to set as query param",
"statusCode": 401
}

 

rajpi's avatar
rajpi
Adept
9 years ago

Hi shravani

 

1. Check to see if you are in Rest-Api role --> This was done by admin/support for me.

2. Check to see if you are passing in client-id correctly in header (No encoding)

 

Let me know if this helped :)

 

Thanks

Raj

  • shravani's avatar
    shravani
    Guide
    9 years ago

    Hi rajpi

     

    Thanks for helping.

    I have tried it but it is still not working:smileysad:.

     

  • darmlin's avatar
    darmlin
    Contributor
    9 years ago

    shravani Did you ever get around your 401? 

     

    I'm getting the following on a newly generated authorization code:  {"response":{"httpCode":401,"message":"Unauthorized","status":"Authorization code is NOT authorized"}

     

     rajpi I think it's happy with my client-id etc. as if I tweak those I get a different error.  My user has both Make REST API calls that read and modify data from the community marked as Enabled. 

      {"response":{"httpCode":401,"message":"Unauthorized","status":"Authorization code is NOT authorized"}

     

    Any help greatly appreciated!

     

  • rajpi's avatar
    rajpi
    Adept
    9 years ago
    darmlin Check your callback url, encodings in your request
  • darmlin's avatar
    darmlin
    Contributor
    9 years ago

    Thanks rajpi

     

    I'm using the same redirect-uri as I do to obtain the authorization code.  When I tweak it intentionally to something invalid I receive (leading me to believe unchanged it may be valid):

    "response":{"httpCode":400,"message":"Bad Request","status":"client_id + client_secret + redirect_uri is NOT not valid"}}

     

    I've checked/tried encoding/decoding the authorization code and other values with the same result (and generated new fresh authorization codes) and get this response: 

     

    {"response":{"httpCode":401,"message":"Unauthorized","status":"Authorization code is NOT authorized"}}

     

    Double checking permissions again.

     

    I'm testing from curl and python/urrlib2 with the same result.

     

    Thanks for the help

     

     

  • tealiumjustin's avatar
    tealiumjustin
    Expert
    8 years ago

    Does this work with SSO?

     

    I'm also trying to authorize a back-end API following the directions here, under the heading "Using the authorization grant flow via a back-end API call":

    https://community.lithium.com/t5/Developer-Documentation/bd-p/dev-doc-portal?section=oauth2

     

    We use SSO for access to our community. I can't figure out how to get the authorization code. And, as previous replies have shown, the /auth/v1/accessToken request only returns a "400 Bad Request" with this body:

     

     

    {
    "response": {
        "httpCode":400,
        "message":"Bad Request",
        "status":"client_id + client_secret + redirect_uri is NOT not valid"
    }
}