2

I need to go through the OAuth2 flow for ExactOnline but I get stuck on step 3 of the docs (https://developers.exactonline.com/#OAuth_Tutorial.html%3FTocPath%3DAuthentication%7C_____2)

I created the following C# code using the Postman Chrome app for testing HTTP requests but keep getting 400 errors (bad request). The Postman app also gave me 400 errors but no matter what settings I set, I always seem to get a 400 error.

```csharp
var authToken = "veryyyyyylongtoken";
var redirectUri = "the-url-I-set-in-the-dashboard";
var grantType = "authorization_code";
var clientId = "id-guid";
var clientSecret = "secret";
var exactAccesTokenRequestEndpoint = "https://start.exactonline.nl/api/oauth2/token";

var client = new RestClient(exactAccesTokenRequestEndpoint);
var request = new RestRequest(Method.POST);
request.AddHeader("content-type", "application/x-www-form-urlencoded");
request.AddParameter("application/x-www-form-urlencoded", String.Format("code={0}&redirect_uri={1}&grant_type={2}&client_id={3}&client_secret={4}", authToken, exactAccesTokenRequestEndpoint, grantType, clientId, clientSecret), ParameterType.RequestBody);
var response = client.Execute(request);
```

How is this code wrong?

The app registered at Exact is running in test mode, not production.

Any ideas?

===== EDIT =====

Based on Gusman's pointers I changed the code to the following. This still gives a 400 error.

```csharp
var client = new RestClient(exactAccesTokenRequestEndpoint);
var request = new RestRequest(Method.POST);
request.AddHeader("content-type", "application/x-www-form-urlencoded");
request.AddParameter("code", authToken, ParameterType.RequestBody);
request.AddParameter("redirect_uri", redirectUri, ParameterType.RequestBody);
request.AddParameter("grant_type", grantType, ParameterType.RequestBody);
request.AddParameter("client_id", clientId, ParameterType.RequestBody);
request.AddParameter("client_secret", clientSecret, ParameterType.RequestBody);
var response = client.Execute(request);
```

Corstiaan

3 Answers

1

Your first issue is solved by Gusman.

My guess is that the second problem is related to the exactAccesTokenRequestEndpoint you have set. Exact is really picky on the URL and I doubt if that URL you have is the URL described in the App store settings in EOL. Make sure it is at least the URL given in the settings.

So if your settings contain http://localhost/abc/, your redirect_uri should be at least http://localhost/abc/ and not http://localhost/abc, which may seem valid.

Patrick Hofman
  • Are you referring to exactAccesTokenRequestEndpoint or to redirectUri? Because redirectUri contains the url I set in the dashboard. exactAccesTokenRequestEndpoint is set to "https://start.exactonline.nl/api/oauth2/token". Just checking to make sure we are on the same page :-) – Corstiaan Feb 05 '16 at 12:28
  • Yes, that is wrong. It should be the same as in your app settings. – Patrick Hofman Feb 05 '16 at 12:33
  • You use it twice, once as the POST URL, then as the `redirect_uri`. The last one is wrong. – Patrick Hofman Feb 05 '16 at 12:34
  • So I need to init the RestClient with the url I set in the dashboard? Like so: RestClient(redirectUri);? Because that's what it comes down to if I understand correctly. Are you sure we are on the same page? :-). – Corstiaan Feb 05 '16 at 12:35
  • Ok will give this a go. Will check back later. Thanks – Corstiaan Feb 05 '16 at 12:39
  • No luck, unfortunately. Still a 400 message. Double checked `redirect_uri` in the Exact app settings, it's 100% correct. Also double checked `clientId` and `clientSecret`. They are ok as well. Your suggestion confuses me a bit as it deviates from the Exact docs (https://developers.exactonline.com/#OAuth_Tutorial.html%3FTocPath%3DAuthentication%7C_____2), step 3. It says that the `exactAccesTokenRequestEndpoint` (which I am using to post) is a different value than `redirectUri` – Corstiaan Feb 05 '16 at 14:14
  • In your initial code the `redirect_uri` and the post URL were the same, I see in the second sample they are different. What is the value for `redirect_uri` in your App settings and in your code? You may obfuscate the company name or so. – Patrick Hofman Feb 05 '16 at 14:20
  • It's `http://fluxmatix.com` in the Exact app settings, and it's `http://fluxmatix.com` in my code, as the value of `redirectUri` – Corstiaan Feb 05 '16 at 14:24
  • And the `authorization_code` is retrieved using the `/auth` endpoint? – Patrick Hofman Feb 05 '16 at 16:11
1

Ok, solved it. Had to UrlDecode the token I got back from the Exact response in step 2, before passing it to the request in step 3. Like so:

```csharp
// WebUtility is in the System.Net namespace.
var authToken = WebUtility.UrlDecode("code/token");
```

Thanks to everybody who weighed in on the matter :-)

Corstiaan
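
The two points raised in the answers above, put together as an added example (not code from any of the posts): the `code` copied from the step 2 redirect is still percent-encoded, so a form encoder encodes it a second time unless it is decoded first, and `redirect_uri` has to equal the registered value. Assumptions: the redirect URL, code value, credentials and the `RegisteredRedirectUri` constant are constructed placeholders, and the body is built with .NET's `FormUrlEncodedContent` instead of RestSharp.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Net.Http;

static class TokenRequestExample
{
    // Constructed values: placeholder redirect, code and credentials.
    const string RegisteredRedirectUri = "http://localhost/abc/";
    const string RedirectFromStep2 =
        "http://localhost/abc/?code=XTzM%21IAAAACbPTzQJXwFhM%2fabc%3d%3d";

    // Return the "code" query parameter, percent-decoded once when decode is true.
    static string ExtractCode(string redirectUrl, bool decode)
    {
        foreach (var pair in new Uri(redirectUrl).Query.TrimStart('?').Split('&'))
        {
            var kv = pair.Split(new[] { '=' }, 2);
            if (kv.Length == 2 && kv[0] == "code")
                return decode ? WebUtility.UrlDecode(kv[1]) : kv[1];
        }
        throw new ArgumentException("redirect URL carries no code parameter");
    }

    // Build the application/x-www-form-urlencoded body for the token request.
    static string BuildTokenBody(string code, string redirectUri)
    {
        // Per the answer above, a missing trailing slash counts as a mismatch;
        // exact (ordinal) comparison is this example's assumption.
        if (!string.Equals(redirectUri, RegisteredRedirectUri, StringComparison.Ordinal))
            throw new ArgumentException("redirect_uri differs from the registered value");

        var form = new FormUrlEncodedContent(new Dictionary<string, string>
        {
            ["code"] = code,
            ["redirect_uri"] = redirectUri,
            ["grant_type"] = "authorization_code",
            ["client_id"] = "id-guid",
            ["client_secret"] = "secret",
        });
        return form.ReadAsStringAsync().GetAwaiter().GetResult();
    }

    static void Main()
    {
        // Still-encoded code: each '%' is encoded again as "%25", so the server receives a different value.
        Console.WriteLine(BuildTokenBody(ExtractCode(RedirectFromStep2, false), RegisteredRedirectUri));
        // Decoded code: encoded once on the wire.
        Console.WriteLine(BuildTokenBody(ExtractCode(RedirectFromStep2, true), RegisteredRedirectUri));
    }
}
```

Comparing the two printed bodies shows the difference in the `code` field only; everything else in the request is identical.
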
0

I can't see which REST client you are using, but I can assume the "request.AddParameter" call expects Name, Content and ParamType.

If that's the case then you added it wrong, you need to do:

```csharp
request.AddParameter("code", authToken, ParameterType.RequestBody);
request.AddParameter("redirect_uri", redirectUri, ParameterType.RequestBody);
```

and so on, you must add the request parameters one by one and let the REST client construct the body.

EDIT: I see the client is only on the name, ok, that's what RestSharp expects :)

Gusman
  • Thanks. I also felt your approach would be more logical, adding all params separately. However, my initial code was what Postman gave me so I went with that, assuming I did not know things better than Postman. I have edited my post to include the new code. It still gives me a 400 unfortunately. Any ideas? – Corstiaan Feb 04 '16 at 20:56