Forum Discussion

iarriola
8 years ago

Unable to get authorization code using V2 oauth2

I'm trying to call Community API v2 in order to:

1. Get an authorization code

2. Which can be used to request access tokens

3. Later be able to make requests to the v2 API, passing the access token as a Bearer token.

 

All this following the instructions in the OAuth 2.0 authorization grant flow document.

 

The instructions seem pretty straightforward:

1. Make a GET call to the authorize endpoint (I'm using the Paw REST client). Note that I'm including the client ID both as a header and as a URL parameter; I already created it in community admin. I didn't include a redirect URL, because I don't need it; this is intended to be a backend call.

 

GET /auth/oauth2/authorize?client_id=COMPANY-CLIENT-ID%3D%3D&response_type=code HTTP/1.1
client-id: COMPANY-CLIENT-ID==
Host: www.stg.company.com
Connection: close
User-Agent: Paw/3.1.4 (Macintosh; OS X/10.12.6) GCDHTTPRequest

 

 

2. After this call I should get in return what the doc literally says:

After you call the authorization endpoint, redirect the member to your client application with the authorization code and tenant ID returned with the response to complete the request.

At this point my request does not return what is expected; instead I'm getting a 302 Found response, with the headers below.

HTTP/1.1 302 Found
Server: Apache
X-Frame-Options: SAMEORIGIN
Set-Cookie: LiSESSIONID=SOME-SESSION_ID; Path=/; Secure; HttpOnly
Set-Cookie: LithiumVisitor=~SOME_COOKIE~VALUE..; Expires=Mon, 13-Sep-2027 21:30:07 GMT; Path=/; HttpOnly
Location: https://www.stg.company.com/?response_type=code&redirect_uri=https%3A%2F%2Fwww.stg.company.com%2F%2F&client_id=6XmMCgSBjYo%2F8boYwsEdICuK3O%2FvA5U6Huf%2FjE2kNxw%3D
Via: 1.1 varnish
Fastly-Debug-Digest: 0e18909eb3f76f7dad7f8262a3c3ed27d2e751a77b5cdad6f72b85e51b13fdb5
Strict-Transport-Security: 608400
Content-Length: 0
Accept-Ranges: bytes
Date: Fri, 15 Sep 2017 21:30:07 GMT
Via: 1.1 varnish
Age: 0
Connection: close
X-Served-By: cache-sjc3125-SJC, cache-dfw18639-DFW
X-Cache: MISS, MISS
X-Cache-Hits: 0, 0
X-Timer: S1505511008.567881,VS0,VE62
Access-Control-Allow-Origin: https://www.stg.company.net

So I'm not even able to complete this first step successfully. Any suggestion about what I am missing?

 

  • Hi 

     

    You can try the solution mentioned below; it seems to be a perfect one.

     

    Let me know if you are stuck somewhere; I will help you with that.

     

    Thanks

  • DougS (Khoros Oracle)

    The first call (to /auth/oauth2/authorize) needs to be made via a web browser, and requires you to sign into (or already be signed into) the community. Once that has happened, that page will redirect you to whatever URL you registered your API client with and should include the authorization code as a parameter in that redirect.

     

    If that is not working for some reason, I would recommend opening a support case and include all the details about what API client you were using (client id should be enough) and what user id you signed into the community using and support should be able to help get this resolved for you.

  • I'm posting what worked for me here since I struggled with the first step for a while. The example included in the documentation for the request authorization looks like this:

    https://community.example_community.com/auth/oauth2/authorize?client_id=CbEwDo2NtAhXLSt4Y49D1yVE9D371eyZFWRSSXvNLvA=&response_type=code&redirect_uri=http%3A%2F%2Fredirect.example_community.com%2FgetaccessToken

    That example above implies that the client_id is un-encoded and the redirect_uri is URL encoded. It's the other way around. From my experience with this, I found that the client_id needs to be URL encoded and the redirect_uri must NOT be URL encoded, as in:

    https://community.example_community.com/auth/oauth2/authorize?client_id=CbEwDo2NtAhXLSt4Y49D1yVE9D371eyZFWRSSXvNLvA%3D&response_type=code&redirect_uri=http://redirect.example_community.com/getaccessToken

    Once I followed that format, using that URL in my browser while I was logged in, I was able to get a response with a code value in the URL. Note that the code value that is returned in the URL is URL encoded. You'll need to decode it before using it in the next step, when you request the access token and refresh token at:

     

    https://api.stage.lithium.com/auth/v1/accessToken?restapi.response_format=json

     

    Be sure to include the Content-Type and client_id in the header, and include the code, client_id, client_secret, redirect_uri and grant_type in the body in proper JSON format. I was using Advanced Rest Client to do this manually. This second step also needs to be done within a couple of minutes after getting the code itself.

    • iarriola (Ace)

      Hello, it's been a while since I posted this one. This is what I'm receiving after performing the operation:

      URL:

      https://TENANT_ID.stage.lithium.com/forum/s/auth/oauth2/authorize?response_type=code&client_id=CLIENT_ID_ENCODED&redirect_uri=https://webhook.site/c8e57cc3-96f8-47e4-b48a-82940aa1f7f4

      or

      https://api.stage.lithium.com/forum/s/TENANT_ID/auth/oauth2/authorize?response_type=code&client_id=CLIENT_ID_ENCODED&redirect_uri=https://webhook.site/c8e57cc3-96f8-47e4-b48a-82940aa1f7f4

      {"status":"Bad Request","message":"Error fetching service details","statusCode":400}

      If I use the tenant ID in the URL, I get this:

      <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
      <html><head>
      <title>401 Unauthorized</title>
      </head><body>
      <h1>Unauthorized</h1>
      <p>This server could not verify that you
      are authorized to access the document
      requested.  Either you supplied the wrong
      credentials (e.g., bad password), or your
      browser doesn't understand how to supply
      the credentials required.</p>
      </body></html>

      So then, I provide basic authentication and get the following:

      < HTTP/1.1 302 Found
      < Date: Thu, 14 Jun 2018 06:46:52 GMT
      < Server: Apache
      < X-Frame-Options: SAMEORIGIN
      < Set-Cookie: LiSESSIONID={VALUE}; Path=/; Secure; HttpOnly
      < Set-Cookie: LithiumVisitor={VALUE}; Expires=Sun, 11-Jun-2028 06:46:52 GMT; Path=/; HttpOnly
      < Location: https://{TENANT_ID}.stage.lithium.com/?response_type=code&redirect_uri={webhook_URL}
      < Content-Length: 0
      < Connection: close

      and the redirect URI does not receive any incoming "code".

       

      So, sadly, still none of the suggestions seem to work.

       

      I really appreciate your time for replying :) robertcavanna, Gagandeeps and DougS

      • ashok285 (Ace)

        Hi iarriola,

         

        Basically, for getting an authorization code the URL is:

         https://community.example_community.com/auth/oauth2/authorize?client_id=CbEwDo2NtAhXLSt4Y49D1yVE9D371eyZFWRSSXvNLvA=&response_type=code&redirect_uri=http%3A%2F%2Fredirect.example_community.com%2FgetaccessToken

         

        https://community.lithium.com/auth/oauth2/authorize?client_id=CbEwDo2NtAhXLSt4Y49D1yVE9D371eyZFWRSSXvNLvA=&response_type=code&redirect_uri=http%3A%2F%2Fredirect.example_community.com%2FgetaccessToken

        But you are using https://api.stage.lithium.com instead of community.example_community.com. Put your community name in the URL above and it will work.

         

        Give kudos if you find my posts helpful, or mark as solution if it answers your query.
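The three steps described in the two replies above (build the authorize URL with the encoding the poster found to work, pull the code out of the redirect and decode it, then assemble the accessToken request with the headers and JSON body fields listed) as one worked example. This is added illustration code, not Khoros/Lithium code and not posted by anyone in the thread. The endpoint paths, header names and body field names are taken from the posts; the grant_type value "authorization_code" is the standard OAuth 2.0 value and is an assumption here, as are the sample redirect URLs, client secret and code used for the offline demonstration.

```python
"""Worked OAuth 2.0 authorization-code exchange for a Khoros/Lithium community.

Added example (not vendor code). Assumptions are marked in comments.
"""
import json
from urllib.parse import quote, urlsplit, parse_qs


def build_authorize_url(community_base: str, client_id: str, redirect_uri: str) -> str:
    """Step 1: the authorize URL in the form the thread reports as working.

    The client_id is base64 and ends in '=', which must be percent-encoded
    (%3D); the redirect_uri is left unencoded, as the reply above states.
    """
    return (
        f"{community_base.rstrip('/')}/auth/oauth2/authorize"
        f"?client_id={quote(client_id, safe='')}"
        f"&response_type=code"
        f"&redirect_uri={redirect_uri}"
    )


def extract_code(redirect_url: str):
    """Step 2: return the URL-decoded 'code' parameter from the redirect.

    Returns None when no code is present, which is what the 302 Location in
    the thread looks like (it only echoes response_type, redirect_uri and
    client_id): that is the signal that the browser session was not signed in.
    parse_qs percent-decodes the value, so the code is ready for step 3.
    """
    params = parse_qs(urlsplit(redirect_url).query)
    codes = params.get("code")
    return codes[0] if codes else None


def build_token_request(api_base: str, client_id: str, client_secret: str,
                        code: str, redirect_uri: str):
    """Step 3: URL, headers and JSON body for the accessToken call.

    Header names and body fields follow the reply above; the grant_type
    value is the standard OAuth 2.0 one (assumption).
    """
    url = f"{api_base.rstrip('/')}/auth/v1/accessToken?restapi.response_format=json"
    headers = {"Content-Type": "application/json", "client-id": client_id}
    body = {
        "code": code,
        "client_id": client_id,
        "client_secret": client_secret,
        "redirect_uri": redirect_uri,
        "grant_type": "authorization_code",  # assumption: standard OAuth 2.0 value
    }
    return url, headers, body


def exchange_code(api_base: str, client_id: str, client_secret: str,
                  code: str, redirect_uri: str, timeout: float = 10.0) -> dict:
    """Send the step-3 request. Needs network access; not run in the offline demo.

    Do this promptly: the reply above notes the code is only good for a
    couple of minutes.
    """
    import urllib.request
    url, headers, body = build_token_request(api_base, client_id, client_secret,
                                             code, redirect_uri)
    req = urllib.request.Request(url, data=json.dumps(body).encode("utf-8"),
                                 headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.loads(resp.read().decode("utf-8"))


if __name__ == "__main__":
    # Constructed sample values (not real credentials).
    community = "https://community.example_community.com"
    client_id = "CbEwDo2NtAhXLSt4Y49D1yVE9D371eyZFWRSSXvNLvA="
    redirect = "http://redirect.example_community.com/getaccessToken"
    print("open in a signed-in browser:", build_authorize_url(community, client_id, redirect))

    # Constructed redirect carrying a percent-encoded code, and one without a code.
    print(extract_code(redirect + "?code=abc%2Fdef%3D"))      # abc/def=
    print(extract_code("https://TENANT.stage.lithium.com/?response_type=code"
                       "&redirect_uri=" + redirect))         # None -> not signed in

    url, headers, body = build_token_request("https://api.stage.lithium.com",
                                             client_id, "SECRET", "abc/def=", redirect)
    print(url, headers, json.dumps(body), sep="\n")
```

`extract_code` returning None is the check to add before calling the token endpoint: the thread's failing 302 never carries a code, so there is nothing to exchange and the fix lies in step 1 (sign in through a browser, as DougS says), not in the token request.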