I'm posting what worked for me here since I struggled with the first step for a while. The example included in the documentation for the request authorization looks like this:
https://community.example_community.com/auth/oauth2/authorize?client_id=CbEwDo2NtAhXLSt4Y49D1yVE9D371eyZFWRSSXvNLvA=&response_type=code&redirect_uri=http%3A%2F%2Fredirect.example_community.com%2FgetaccessToken
That example above implies that the client_id is un-encoded and the redirect_uri is URL encoded. It's the other way around. From my experience with this, I found that the client_id needs to be URL encoded and the redirect_uri must NOT be URL encoded, as in:
https://community.example_community.com/auth/oauth2/authorize?client_id=CbEwDo2NtAhXLSt4Y49D1yVE9D371eyZFWRSSXvNLvA%3D&response_type=code&redirect_uri=http://redirect.example_community.com/getaccessToken
Once I followed that format, using that URL in my browser while I was logged in, I was able to get a response with a code value in the URL. Note that the Code value that is returned in the URL is URL encoded. You'll need to decode it before using it in the next step when you request the access token and refresh token at:
https://api.stage.lithium.com/auth/v1/accessToken?restapi.response_format=json
Be sure to include the Content-Type and client_id in the header, and include the code, client_id, client_secret, redirect_uri, grant_type in the body in proper JSON format. I was using Advanced Rest Client to do this manually. This second step also needs to be done within a couple of minutes after getting the Code itself.
Hello, its been a while since I posted this one. This is what I'm receiving after performing the operation:
URL:
or
{"status":"Bad Request","message":"Error fetching service details","statusCode":400}If I use tenant Id in the URL,I get this code:
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>401 Unauthorized</title> </head><body> <h1>Unauthorized</h1> <p>This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.</p> </body></html>
So then, I provide basic authentication and get the following:
< HTTP/1.1 302 Found
< Date: Thu, 14 Jun 2018 06:46:52 GMT
< Server: Apache
< X-Frame-Options: SAMEORIGIN
< Set-Cookie: LiSESSIONID={VALUE}; Path=/; Secure; HttpOnly
< Set-Cookie: LithiumVisitor={VALUE}; Expires=Sun, 11-Jun-2028 06:46:52 GMT; Path=/; HttpOnly
< Location: https://{TENANT_ID}.stage.lithium.com/?response_type=code&redirect_uri={webhook_URL}
< Content-Length: 0
< Connection: closeand redirect URI, does not receive any incoming "code"
So, still none of the suggestion sadly seems to work.
I really appreciate your time for replying, :) robertcavanna, Gagandeeps and DougS
