Getting response the client_id/secret is invalid

Subject:Getting response the...
Summary:client_id/secret errors when authenticating
Messages:5
Author:Atiba B
Date:2018-09-26 18:27:32
 

  1. Getting response the...
Atiba B - 2018-09-26 18:27:32
I'm trying to integrate with a currently non-supported 3rd party API via OAuth2, using this library. They are only allowing select access to their API, until they make it public. According to their documentation, they don't require a "client secret". I believe I read through the necessary documentation and thought I made sense of how to create my own custom profile. I updated the JSON config and added my own profile and copied the FitBit2 example as a template.

The API I'm integrating with only requires a client_id, username and password (along with other standard OAuth2 values), that would need to be POSTed to authenticate. When I pull up my template in a browser, the script returns errors that I need to provide valid client_id and secret values. I believe the errors are being returned from the external API. When I call the API using an HTTP tool (i.e. Poster), it works when the various values (client_id, username, password, etc) are in the JSON request body. I'm unsure how this library works under-the-hood, so I don't know if it's composing the request in a similar manner.

However, I did notice that after commenting out the client->oauth_username (and password) variables I manually put in my login template, that it appears to call the target API and then fails because it's missing the username and password.

I'm glad I found this library and don't want to give up on it. So, any help or insight would be appreciated...

  2. Re: Getting response the...
Manuel Lemos - 2018-09-27 04:09:16 - In reply to message 1 from Atiba B
Try copying the configuration of Bitly instead of Fitbit2 because Bitly also supports password authentication.

Just let me know if it does not work or ask other questions.

  3. Re: Getting response the...
Atiba B - 2018-09-28 03:46:11 - In reply to message 2 from Manuel Lemos
OK, using the Bitly config didn't help. But, I started stepping through the various classes/code and was able to seemingly narrow down where the problem is. As I had suspected, it appears that the "client_id" and "response_type=code" are missing in the POST body when requesting the access token.

Is there an easy way to implement this without having to tweak anything outside of the config or login files?

  4. Re: Getting response the...
Manuel Lemos - 2018-09-29 09:21:58 - In reply to message 3 from Atiba B
Yes, you can create a new configuration entry for your OAuth server copying from Bitly. However, the "dialog_url" parameter already contains "client_id" and "response_type=code" values.

I guess you mean you need to put those values in the "access_token_url" parameter.

  5. Re: Getting response the...
Atiba B - 2018-10-05 14:07:54 - In reply to message 4 from Manuel Lemos
OK. I'm slowly getting more and more familiar with your script. I guess I misunderstood dialog_url and access_token_url. After changing the access_token_url to the authorization url, that seemed to get me over that first hump (of not being able to authorize).

Now, I'm getting a response from the provider: OAuth client: Error: it was not possible to access the OAuth access token: it was returned an unexpected response status 302 Response: Found. Redirecting to https://www.mysite.net/oauth_callback.php?code=05ea9ce2ed81e50354a72af943a6b64bd97df7a8&state=3332443242432

I would've thought that my script would've been automatically redirected back to my script, with the new authorization_code attached for me to move to next (get token) step. Is this something I need to take up w/ the provider or something I can handle on my end?

So, again, I feel like I'm missing or misunderstanding something. According to the provider's API documentation, I first authorize (using user name & password), to get the authorization code. Second, I use that code to make the next call to get the access and/or refresh token.

Do the templates you provide support this flow, or do I need to do some custom tweaking?

Thanks again for your help!
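
The two-step flow described in message 5 (authorize to get a code, then exchange the code for a token), as an added example that is not part of the thread and does not use the PHP OAuth Library's API. It validates the provider's redirect, including the `state` value, before building the token request. The callback URL, client_id and form-encoded body are assumptions; the sample values are constructed.

```php
<?php
/**
 * Validate the redirect issued after authorization and return the
 * authorization code. Throws if the redirect is not the one we expect.
 */
function extract_authorization_code(string $location, string $registeredCallback, string $sessionState): string
{
    $got  = parse_url($location);
    $want = parse_url($registeredCallback);
    if ($got === false || $want === false) {
        throw new RuntimeException('malformed redirect URL');
    }
    // The redirect must target exactly the callback registered with the provider.
    foreach (['scheme', 'host', 'path'] as $part) {
        if (($got[$part] ?? '') !== ($want[$part] ?? '')) {
            throw new RuntimeException("redirect $part does not match the registered callback");
        }
    }
    parse_str($got['query'] ?? '', $params);
    if (isset($params['error'])) {
        throw new RuntimeException('provider returned an error response');
    }
    // state ties the response to this session; compare in constant time.
    $state = $params['state'] ?? null;
    if (!is_string($state) || !hash_equals($sessionState, $state)) {
        throw new RuntimeException('state mismatch: response is not for this session');
    }
    $code = $params['code'] ?? null;
    if (!is_string($code) || $code === '') {
        throw new RuntimeException('no authorization code in redirect');
    }
    return $code;
}

/** Build the POST body for the second step (RFC 6749 section 4.1.3, public client). */
function build_token_request(string $code, string $clientId, string $registeredCallback): string
{
    return http_build_query([
        'grant_type'   => 'authorization_code',
        'code'         => $code,
        'redirect_uri' => $registeredCallback,
        'client_id'    => $clientId, // sent in the body because no client secret is used
    ]);
}

// Constructed sample values (hypothetical callback, code and state).
$callback = 'https://client.example/oauth_callback.php';
$location = $callback . '?code=CONSTRUCTED_CODE&state=s3ss10n-state';
$code = extract_authorization_code($location, $callback, 's3ss10n-state');
echo build_token_request($code, 'example-client-id', $callback), "\n";
```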