1

I aim to add Meetup oauth2 to Open Collective, a Node.js server using Passport. (I previously succeeded with GitHub oauth2, so in principle it's just about adding the Passport strategy passport-meetup-oauth2.)

To avoid any issues about using localhost (issue observed in other SO tickets), I used an HTTPS ngrok tunnel. On Meetup.com I created a new consumer with:

  • Redirect URI: https://e03857fc.ngrok.io (also tried with the full callbackURL mentioned below, same results)
  • Website: left empty (also tried same value as Redirect URI, same results)

In my code, I configured the MeetupStrategy with:

I then try the flow: I'm redirected correctly to Meetup.com where I'm requested to log in and click "Allow", then I'm redirected back to my server, but Passport issues a 500 TokenError:

{ TokenError at Strategy.OAuth2Strategy.parseErrorResponse (~/passport-oauth2/lib/strategy.js:321:12) at Strategy.OAuth2Strategy._createOAuthError (~/passport-oauth2/lib/strategy.js:368:16) at ~/passport-oauth2/lib/strategy.js:167:45 at ~/oauth/lib/oauth2.js:181:18 at passBackControl (~/oauth/lib/oauth2.js:123:9) at IncomingMessage.<anonymous> (~/oauth/lib/oauth2.js:143:7) at emitNone (events.js:91:20) at IncomingMessage.emit (events.js:185:7) at endReadableNT (_stream_readable.js:934:12) at _combinedTickCallback (internal/process/next_tick.js:74:11) at process._tickCallback (internal/process/next_tick.js:98:9) name: 'TokenError', message: undefined, code: 'invalid_client', uri: undefined, status: 500 }

The error is raised by the second oauth2 step (exchanging authorization_code for access_token): Passport calls the Meetup API, which replies with HTTP 400 Bad Request {"error":"invalid_client"}. Having added logs in the oauth lib, I can reproduce the Meetup invalid_client error as follows:

curl -v -X POST https://secure.meetup.com/oauth2/access -H "'Content-Type': 'application/x-www-form-urlencoded'" --data "grant_type=authorization_code&redirect_uri=https%3A%2F%2Fe03857fc.ngrok.io%2Fconnected-accounts%2Fmeetup%2Fcallback&client_id=XXX&client_secret=YYY&code=ZZZ"

It looks like the issue is on the Meetup side as I can reproduce it with curl, and the client ID and secret seem correct. Any idea what's causing the error?

Sébastien Dubois
  • 869
  • 9
  • 19
  • 1
    Try to have an exact match beween the redirect uri in the configuration and the callback url you provide. The provider could be oversensitive about this mismatch you have. – Wiktor Zychla Aug 15 '16 at 13:12
  • Yes that's what I first tried, then I only left the base URL as per the Meetup instructions: "You may enter a base url to get the maximum use out of this consumer". Same error in both cases. – Sébastien Dubois Aug 15 '16 at 13:17
  • 1
    And the very first request where you redirect the browser? Is it the same as the one you POST in the second step? – Wiktor Zychla Aug 15 '16 at 14:24
  • Good that you made me check that in detail, I wasn't passing the callbackURL in the second call! Github wasn't requesting this. – Sébastien Dubois Aug 16 '16 at 20:02
  • Does it work now then? – Wiktor Zychla Aug 16 '16 at 22:13
  • Yes, thanks :) (It's a separate issue but I now just have trouble passing exactly the same callbackURL both times --wanted to pass some encrypted data in its params, and if I re-encrypt for the second call it won't be the exact same string. Need to set up some temporary memory map...) – Sébastien Dubois Aug 17 '16 at 12:14

0 Answers0