Closed adamjgrant closed 12 years ago
berg
commented
12 years ago Are you sure you're sending this as a POST (including those parameters in the body, not the query string), and not a GET? The grant_type check is the first thing that fails in the code.
adamjgrant
commented
12 years ago Yes. But I'm currently trying a non-jQuery post request and seeing if that makes a difference. Please hold.
berg
commented
12 years ago Cool -- POSTing with body type application/json could also cause this.
adamjgrant
commented
12 years ago What does "body type" mean? Maybe this is where I'm going wrong.
Adam Kochanowicz UX Designer Debtdomain.com
Le mardi, août 21, 2012 à 7:47 PM, Bryan Berg a écrit :
Cool -- POSTing with body type application/json could also cause this.
— Reply to this email directly or view it on GitHub (https://github.com/appdotnet/api-spec/issues/122#issuecomment-7920387).
berg
commented
12 years ago It's the content-type of the POST body. If you're just passing an object (versus a pre-encoded string) to $.ajax/$.post as "data", you should be in good shape. If that's not working, could you paste in a code snippet?
adamjgrant
commented
12 years ago The post-auth function:
function finalAuth(code) {
consoleLog('final authorization');
var dataString = 'client_id=---&client_secret=---&grant_type=authorization_code&redirect_uri=http://kickstrapp.net&code=' + code;
postURL('https://alpha.app.net/oauth/access_token', dataString);
}The AJAX function:
function postURL(url, dataString) {
if(window.XMLHttpRequest) {
var xmlhttp=new XMLHttpRequest();
xmlhttp.onreadystatechange=function() {
if (xmlhttp.readyState==4 && xmlhttp.status==200) consoleLog('success');
}
xmlhttp.open("POST",url,true);
xmlhttp.setRequestHeader("Content-type","data");
xmlhttp.send(dataString);
}
}Also, I'm getting a different error now, so that must have fixed the initial problem.
https://alpha.app.net/oauth/access_token 405 (METHOD NOT ALLOWED) init.js:20
XMLHttpRequest cannot load https://alpha.app.net/oauth/access_token. Origin http://kickstrapp.net is not allowed by Access-Control-Allow-Origin.Is this because my callback is not https?
adamjgrant
commented
12 years ago consoleLog() is a Kickstrap override of console.log() by the way.
voidfiles
commented
12 years ago So, it looks like you have a client side app, you can go through our Client Side flow https://github.com/appdotnet/api-spec/blob/master/auth.md#client-side-flow
It might be easier.
adamjgrant
commented
12 years ago K, I'm dumb. I don't know why I'm using both server and client side calls. It's late. Hold up.
adamjgrant
commented
12 years ago Oops, had to change a "+" to a "." for PHP. Now the error is "invalid token." I'm going to try making a new app and seeing if that doesn't fix it.
<?php
if(isset($_GET["code"])) {
$xml = 'client_id=---&client_secret=---&grant_type=authorization_code&redirect_uri=http://kickstrapp.net&code=' . $_GET["code"];
$url = 'https://alpha.app.net/oauth/access_token';
$ch = curl_init($url);
$cType = array('Content-type: data');
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $xml);
curl_setopt($curl, CURLOPT_HTTPHEADER, $cType);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($ch);
echo ($response);
curl_close($ch);
}
?>So your content-type should probably be "application/x-www-form-urlencoded" without the quotes
Also you should checkout some libraries that help abstract some of this stuff like
http://requests.ryanmccue.info/
And there are a couple of PHP Libs that might help you out as well https://github.com/jdolitsky/AppDotNetPHP https://github.com/dopiaza/DPZAppNet
here is how DPZ handles this code path https://github.com/dopiaza/DPZAppNet/blob/master/src/DPZ/AppNet.php#L123
adamjgrant
commented
12 years ago Yep, making a new app did it. Other devs might have issues if they test incrementally as they follow through.
adamjgrant
commented
12 years ago Thanks @voidfiles I'll check that out.
On step 3 of server-side flow,
I keep getting this data back. According to the specs, my grant type should be "authorization_code"...which it is: