Closed ghost closed 1 year ago
This looks valid. My only suggestion is to try being explicit about setting OrderCloudClientConfig.GrantType
:
var userClient = new OrderCloudClient(new OrderCloudClientConfig {
ClientId = _userClientId,
GrantType = GrantType.Password,
...
Also just make absolute certain that neither _username
nor _password
is null or empty. Let us know if these suggestions work; if not, we'll investigate further.
Also if client secret is defined on the API client then it is a required parameter on all auth calls. Any chance you set that field by mistake?
Also if client secret is defined on the API client then it is a required parameter on all auth calls. Any chance you set that field by mistake?
I must have missed that detail! So yes, I did set a client secret, however not by mistake, but by ignorance.
Without removing the client secret from the API Client, setting ClientSecret
before setting Password
gives me the same error about an invalid client secret
(presumably because the grant type depends on which one of the properties ClientSecret
and Password
is set last). I think the error message could be more helpful when attempting to use the password flow with an API Client for which a client secret has been set.
Setting Password
before ClientSecret
(which means the grant type is client credentials), I do get a valid response:
var userClient = new OrderCloudClient(new OrderCloudClientConfig {
ClientId = _buyerSellerClientId,
Username = _username,
Password = _password,
ClientSecret = _buyerSellerClientSecret,
ApiUrl = "https://westeurope-sandbox.ordercloud.io",
AuthUrl = "https://westeurope-sandbox.ordercloud.io",
Roles = new[] { ApiRole.Shopper }
});
var resp = await userClient.AuthenticateAsync();
The question is, whose token is in resp.AccessToken
at that point?
You raise some good points. Best advice I can give is to be explicit with GrantType
. The behavior you're seeing is emanating from API itself and not the SDK, but we're going to evaluate whether we're being too strict with this requirement. Will report back here once a decision has been made.
Based on some internal discussions, this API behavior is by design. The advice is to not "multi-purpose" your API clients, essentially. If you set a ClientSecret, use that client only when authenticating with the client_credentials grant type, and create a separate client, without a ClientSecret, for use with password flows.
This code results in
OrderCloud.SDK.OrderCloudException: invalid_client: invalid client secret
. What does the client secret have to do with anything? Is the error message supposed to sayinvalid user password
? (I'm positive the password is correct, so that shouldn't be the case either, but...)By the way, is the above supposed to be a valid way of getting a user access token, or should I stick to using using a FullAccess client and ImpersonationConfigs instead?