Closed LeoniePhiline closed 4 years ago
Thank you @LeoniePhiline for reporting the issue. We will investigate the bug.
Hey @LeoniePhiline, do you have some code that we can use to reproduce this issue? I'm suspecting something else is wrong, since passing the redirect_uri doesn't result in a 401 (for me at least).
This works using the library, and I used plain curl calls to verify this as well:
curl -X POST -d "client_id=<client_id>&client_secret=<client_secret>&grant_type=refresh_token&refresh_token=<refresh_token>" https://app.teamleader.eu/oauth2/access_token
and
curl -X POST -d "client_id=<client_id>&client_secret=<client_secret>&grant_type=refresh_token&refresh_token=<refresh_token>&redirect_uri=localhost:8080" https://app.teamleader.eu/oauth2/access_token
both work fine.
Are you on the v2.0.0-RC2 release?
Hi @mark-gerarts My mistake - I figured it out. It was a configuration mistake on my side. Please excuse the noise.
No problem at all, glad you figured it out :)
It seems more like a Teamleader API bug, but nevertheless this is something fixable in this very, very helpful library:
When sending a refresh token request, it only succeeds if I remove the &redirect_uri=... parameter from the x-www-form-urlencoded request body. If the redirect uri is sent to the API, then the /oauth2/authorize endpoint responds with a 401 Unauthorized.
The API documentation does not include redirect_uri as a required parameter: https://developer.teamleader.eu/#/introduction/authentication/using-refresh-tokens But it also does not mention that including it would do any harm.
A somewhat ugly workaround that does it for me is extending \League\OAuth2\Client\Provider\AbstractProvider (which I had done anyway to auto-fill credentials from .env config) and overriding the getAccessToken() method: