caputomarcos / node-red-contrib-oauth2

The node-red-contrib-oauth2 is a Node-RED node that provides an OAuth2 authentication flow. This node uses the OAuth2 protocol to obtain an access token, which can be used to make authenticated API requests.
https://essavida.ai
MIT License

Token Refresh Fails: `Missing required parameter: code` #94

Open MitchTalmadge opened 3 months ago

MitchTalmadge commented 3 months ago

Which node are you reporting an issue on?

oauth2

What are the steps to reproduce?

  1. Enable Implicit Flow

  2. Set the required parameters for use with Google OAuth2 and Google Calendar:

     | key | value |
     | --- | --- |
     | grant_type | implicit_flow |
     | access_token_url | https://accounts.google.com/o/oauth2/token |
     | authorization_endpoint | https://accounts.google.com/o/oauth2/v2/auth |
     | client_id | xxxxxxx |
     | client_secret | xxxxxxx |
     | response_type | code |
     | access_type | offline |
     | prompt | select_account |
     | scope | https://www.googleapis.com/auth/calendar.events.readonly |

  3. Turn on "Force Token Refresh" (This is just so you don't have to wait for the token to expire. Another option is to just wait for a couple hours and trigger the oauth2 node again).

  4. Obtain an OAuth2 code using the button in the config editor.

  5. Trigger the node two times.


What happens?

The first time succeeds; the second time throws the error `Missing required parameter: code`. The first time is using the `authorization_endpoint`, and the second time is using `access_token_url`. The second request does not seem to include the `code` parameter. I wonder if it was not saved to the credentials object correctly?

Full error:

```json
{
  "payload": 1719784227118,
  "topic": "",
  "_msgid": "xxxxxx",
  "oauth2Error": {
    "status": 400,
    "message": "Bad Request",
    "data": {
      "error": "invalid_request",
      "error_description": "Missing required parameter: code"
    },
    "headers": {
      "cache-control": "no-cache, no-store, max-age=0, must-revalidate",
      "date": "Sun, 30 Jun 2024 21:50:27 GMT",
      "pragma": "no-cache",
      "expires": "Mon, 01 Jan 1990 00:00:00 GMT",
      "content-type": "application/json; charset=utf-8",
      "vary": "Origin, X-Origin, Referer",
      "server": "scaffolding on HTTPServer2",
      "x-xss-protection": "0",
      "x-frame-options": "SAMEORIGIN",
      "x-content-type-options": "nosniff",
      "alt-svc": "xxxxxxx",
      "connection": "close",
      "transfer-encoding": "chunked"
    }
  }
}
```

What do you expect to happen?

Token refresh should include the code correctly.

Please tell us about your environment:
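
Added for reference; this is not part of the original issue and not code from node-red-contrib-oauth2. RFC 6749 defines two different token-endpoint requests: the first code exchange (`grant_type=authorization_code`, which must carry `code`) and a refresh (`grant_type=refresh_token`, which must carry `refresh_token`). The code below builds each request from a hypothetical stored-credentials object (`creds` and all function names are assumptions) and reports which required parameter an outgoing body lacks.

```javascript
// Added example; not code from node-red-contrib-oauth2.
// `creds` is a hypothetical credentials object; all values are constructed.

// Parameters RFC 6749 always requires at the token endpoint, per grant type.
const REQUIRED = {
  authorization_code: ['code'],      // section 4.1.3
  refresh_token: ['refresh_token'],  // section 6
};

// Return the required parameters that a form-encoded token request lacks.
// A missing or unrecognised grant_type is reported as ['grant_type'].
function missingParams(body) {
  const params = new URLSearchParams(body);
  const required = REQUIRED[params.get('grant_type')];
  if (!required) return ['grant_type'];
  return required.filter((name) => !params.get(name));
}

// Build the token request: refresh grant once a refresh token is stored,
// code exchange otherwise.
function buildTokenRequest(creds) {
  const params = new URLSearchParams();
  if (creds.refreshToken) {
    params.set('grant_type', 'refresh_token');
    params.set('refresh_token', creds.refreshToken);
  } else if (creds.code) {
    params.set('grant_type', 'authorization_code');
    params.set('code', creds.code);
    params.set('redirect_uri', creds.redirectUri);
  } else {
    throw new Error('no refresh token or authorization code stored');
  }
  params.set('client_id', creds.clientId);
  params.set('client_secret', creds.clientSecret);
  return params.toString();
}

// After a successful response: keep the refresh token and drop the
// single-use authorization code so it is never replayed.
function storeTokens(creds, tokenResponse) {
  const { code, ...rest } = creds;
  return {
    ...rest,
    accessToken: tokenResponse.access_token,
    refreshToken: tokenResponse.refresh_token || creds.refreshToken,
  };
}
```

Running `missingParams` over the body a client is about to POST to `access_token_url` shows locally whether it would be rejected for a missing `code` or `refresh_token` before the request leaves the host.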