Forum Discussion

iarriola's avatar
iarriola
Ace
8 years ago

Unable to get authorization code using V2 oauth2

I'm trying to call Community API v2 in order to: 1. Get an authorization code 2. Which can be used to request access tokens 3. Later be able to make request to v2 API passing the access token as B...
robertcavanna's avatar
robertcavanna
Mentor
8 years ago

I'm posting what worked for me here since I struggled with the first step for a while. The example included in the documentation for the request authorization looks like this:

https://community.example_community.com/auth/oauth2/authorize?client_id=CbEwDo2NtAhXLSt4Y49D1yVE9D371eyZFWRSSXvNLvA=&response_type=code&redirect_uri=http%3A%2F%2Fredirect.example_community.com%2FgetaccessToken

That example above implies that the client_id is un-encoded and the redirect_uri is URL encoded. It's the other way around. From my experience with this, I found that the client_id needs to be URL encoded and the redirect_uri must NOT be URL encoded, as in:

https://community.example_community.com/auth/oauth2/authorize?client_id=CbEwDo2NtAhXLSt4Y49D1yVE9D371eyZFWRSSXvNLvA%3D&response_type=code&redirect_uri=http://redirect.example_community.com/getaccessToken

Once I followed that format, using that URL in my browser while I was logged in, I was able to get a response with a code value in the URL. Note that the Code value that is returned in the URL is URL encoded. You'll need to decode it before using it in the next step when you request the access token and refresh token at: 

 

https://api.stage.lithium.com/auth/v1/accessToken?restapi.response_format=json

 

Be sure to include the Content-Type and client_id in the header, and include the code, client_id, client_secret, redirect_uri, grant_type in the body in proper JSON format. I was using Advanced Rest Client to do this manually. This second step also needs to be done within a couple of minutes after getting the Code itself. 

iarriola's avatar
iarriola
Ace
7 years ago

Hello, its been a while since I posted this one. This is what I'm receiving after performing the operation:

URL:

https://TENANT_ID.stage.lithium.com/forum/s/auth/oauth2/authorize?response_type=code&client_id=CLIENT_ID_ENCODED&redirect_uri=https://webhook.site/c8e57cc3-96f8-47e4-b48a-82940aa1f7f4

or

https://api.stage.lithium.com/forum/s/TENANT_ID/auth/oauth2/authorize?response_type=code&client_id=CLIENT_ID_ENCODED&redirect_uri=https://webhook.site/c8e57cc3-96f8-47e4-b48a-82940aa1f7f4

{"status":"Bad Request","message":"Error fetching service details","statusCode":400}

 If I use tenant Id in the URL,I get this code:

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Unauthorized</title>
</head><body>
<h1>Unauthorized</h1>
<p>This server could not verify that you
are authorized to access the document
requested.  Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
</body></html>

So then, I provide basic authentication and get the following:

< HTTP/1.1 302 Found
< Date: Thu, 14 Jun 2018 06:46:52 GMT
< Server: Apache
< X-Frame-Options: SAMEORIGIN
< Set-Cookie: LiSESSIONID={VALUE}; Path=/; Secure; HttpOnly
< Set-Cookie: LithiumVisitor={VALUE}; Expires=Sun, 11-Jun-2028 06:46:52 GMT; Path=/; HttpOnly
< Location: https://{TENANT_ID}.stage.lithium.com/?response_type=code&redirect_uri={webhook_URL}
< Content-Length: 0
< Connection: close

and redirect URI, does not receive any incoming "code" 

 

So, still none of the suggestion sadly seems to work.

 

I really appreciate your time for replying, :) robertcavannaGagandeeps and DougS

  • ashok285's avatar
    ashok285
    Ace
    7 years ago

    Hai iarriola

     

    Basically for getting  an authorization code below one is url:

     https://community.example_community.com/auth/oauth2/authorize?client_id=CbEwDo2NtAhXLSt4Y49D1yVE9D371eyZFWRSSXvNLvA=&response_type=code&redirect_uri=http%3A%2F%2Fredirect.example_community.com%2FgetaccessToken

     

    https://community.lithium.com/auth/oauth2/authorize?client_id=CbEwDo2NtAhXLSt4Y49D1yVE9D371eyZFWRSSXvNLvA=&response_type=code&redirect_uri=http%3A%2F%2Fredirect.example_community.com%2FgetaccessToken

    But you are giving  https://api.stage.lithium.com instead of this one  community.example_community.com .Give your community name at above URL it will work.

     

    Give kudos if you find my posts helpful or mark solution if it answers your query

    • joylim's avatar
      joylim
      Contributor
      7 years ago

      Quick question: For server-to-server calls, is there a programmatic way (an endpoint perhaps) to logon an API user?

      Context: In order to make the authorize endpoint work, the following should be done:

      1. Using a browser,  manually logon to the community site as an API user

      https://community.example_community.com/

      2. Paste the URL in the browser

      https://community.example_community.com/auth/oauth2/authorize?client_id=<urlEncodedClientId>&response_type=code&redirect_uri=<urlDecodedRedirectURI>

      3. Once submitted, note that the request has been redirected and the browser now shows authorization code as  'code'.

      https://community.example_community.com?code=<urlEncodedCode>&user-id=<userId>&tenant-id=<tenantId>&proxy-host=<proxyHost>

      I'd like to skip Step 1 (the manual part where the user needs to logon as an API user.) Is there a REST endpoint for logging in?  Thanks!

       

      • DougS's avatar
        DougS
        Khoros Oracle
        7 years ago

        You could alternatively use Session Key Authentication to get a REST API session key and use that in subsequent API calls you mean (REST V1 or V2).

        -Doug