Error trying to upvote: invalid_grant / The token has invalid role

[shawnlauzon]

I am attempting to upvote a post, and receiving this error. The code is using the OAuth / code flow (as described at https://docs.hivesigner.com/h/guides/get-started/hivesigner-oauth2)

1. POST to: https://hivesigner.com/oauth2/authorize?client_id=leofinance&redirect_uri=https%3A%2F%2Falpha.leofinance.io%2Fmobile%2Fcallback&response_type=code&scope=vote,comment
2. Retrieve code in redirect_uri
3. Send code to get authorization_token
4. Authorization token returned
5. POST to https://hivesigner.com/api/broadcast with header Authorization: <auth_token>
6. Receive error invalid_grant error_description The token has invalid role

Thank you, and let me know how I can provide additional information.

[feruzm]

@shawnlauzon did you try POST operation with code ? After step 2. try this:

POST https://hivesigner.com/api/broadcast
  Authorization: ACCESS_TOKEN
  Content-Type: application/json
  Accept: application/json
  Body: {
    "operations": [
      ["vote", {
        "voter": "guest123",
        "author": "ecency",
        "permlink": "trustpilot",
        "weight": 10000
      }]
    ]
  }

[shawnlauzon]

You mean use the auth code where it says ACCESS_TOKEN and don't even go through the entire OAuth flow?

I just tried that and it's giving the same thing. If I omit the Authentication header it is giving the same result (401 Unauthorized error / invalid_grant).

[feruzm]

@shawnlauzon

Is this working with access token you are getting? curl -H "Authorization: ACCESS_TOKEN" https://hivesigner.com/api/me

It is likely issue with configs or operation. What operation are you trying to broadcast via https://hivesigner.com/api/broadcast, could you share operation json?

[shawnlauzon]

Unfortunately, same problem with that command. It doesn't matter that I'm getting the access token in the app and then running the curl from another computer, does it?

[feruzm]

@shawnlauzon no it shouldn't matter. Can you share operation array that you are sending to hivesigner.com/api/broadcast ?

[shawnlauzon]

I'm sure it has to be a problem with not recognizing the token. Even if I pass nothing, I get the same error.

% curl -H "Authorization: <145 characters hidden>" https://hivesigner.com/api/me
{"error":"invalid_grant","error_description":"The token has invalid role"}

% curl -H "Authorization: Bearer <145 characters hidden>" https://hivesigner.com/api/me
{"error":"invalid_grant","error_description":"The token has invalid role"}

% curl https://hivesigner.com/api/me
{"error":"invalid_grant","error_description":"The token has invalid role"}

In any case, here's one of the operations which fails:

% curl -d '{"operations":[["vote",{"author":"taskmaster4450","permlink":"jswggopq","voter":"shawnlauzon","weight":5000}]]}' -H 'Authorization: <145 characters hidden>' https://hivesigner.com/api/broadcast
{"error":"invalid_grant","error_description":"The token has invalid role"}

[feruzm]

@shawnlauzon You are extracting access_token from this URL right?! After redirected back to your app: https://alpha.leofinance.io/mobile/callback?access_token=ACCESS_TOKEN&expires_in=36000

Everything looks ok, except code you are using might be indeed wrong one, could you please check and see if access_token is being extracted from url correctly?

[shawnlauzon]

Problem solved. Apparently someone changed the client secret without telling me. Thanks @feruzm for trying to debug this issue :)