search

softwerkab / fortnox-csharp-api-sdk

.NET SDK for Fortnox API.
MIT License
52 stars 64 forks source link

GetTokenAsync throws exception without redirectUri #237

Open JohanForngren opened 2 years ago

JohanForngren commented 2 years ago

When I try to get auth codes using the API version 4.3.1 without passing a redirectUri or setting it to null I get the exception: {"Message":"An error has occurred.","ExceptionMessage":"Request failed: The redirect URI is missing or do not match",

using Fortnox.SDK;
using Fortnox.SDK.Auth;

// Constructor
private readonly FortnoxAuthClient _fortnoxAuthClient = new FortnoxAuthClient();
private readonly IStandardAuthWorkflow _authWorkflow  = _fortnoxAuthClient.StandardAuthWorkflow;

// This works fine without redirectUri, and is accepted by fortnox, redirecting back
Scope[] scopes = {Scope.CompanyInformation};
var authUri = _authWorkflow.BuildAuthUri(_clientId, scopes, state);

// Throws the above exception.
var tokenInfo = await _authWorkflow.GetTokenAsync(authorizationCode, _clientId, _clientSecret);

// Throws the above exception.
var tokenInfo = await _authWorkflow.GetTokenAsync(authorizationCode, _clientId, _clientSecret, null);

// This works.
string _redirectUri = "https://same-url-as-configured-at-fortnox-dev-portal";
var tokenInfo = await _authWorkflow.GetTokenAsync(authorizationCode, _clientId, _clientSecret, _redirectUri);

I've tried it on both in dev environment and at the _redirectUri host with the same results. I haven't yet tried it with other parts of the API.

richardrandak commented 2 years ago

The error message is from the API, so it seems the redirect URI is required for obtaining the token. All I can do is to make the argument mandatory also in the method signature, instead of null-by-default to force users to specify it.

JohanForngren commented 2 years ago

@richardrandak It should be optional according to the docs: https://developer.fortnox.se/general/authentication/

I will email Fortnox support, referencing this issue.

strndi commented 2 years ago

It's not really optional, It's only optional for test apps, if you want to to list your app on their app market - you have to use a redirect URI else your app won't be published.

JohanForngren commented 2 years ago

Reply from Fortnox below. Does not match my experience, but I haven't confirmed using the rest api directly.

8 mars 2022 08:31 CET Hej!

Det är optional att ta med den i authorization URL:en. Tar du inte med den så kommer den automatiskt att hämtas från er utvecklarportal.

Önskar er en trevlig dag! Med vänliga hälsningar Fortnox AB

Besökare 7 mars 2022 17:33 CET Hej, Okej, men är redirect_uri optional för Get Authorization-Code såsom det står här? Eller behöver jag faktiskt skicka med den ändå? Authorization | Fortnox Developer (https://developer.fortnox.se/general/authentication/) Tack! Johan

7 mars 2022 15:51 CET Hej Johan!

När det kommer till vårt SDK är detta numera Opensource och inget som vi på Fortnox supporterar.

Detta sköts helt via GitHub.

Tack, Med vänliga hälsningar Fortnox AB http://www.fortnox.se

Besökare 7 mars 2022 12:53 CET Hej! Använder csharp-apiet och får felmeddelanden som tycks avvika från förväntat beteende enligt dokumentationen. Se GetTokenAsync throws exception without redirectUri · Issue #237 · FortnoxAB/csharp-api-sdk (github.com) för detaljer. Tack! Johan Forngren