Getting access token with axios

Question

I'm working with the Lyft API, and trying to figure out how to get an access token with axios with a node script.

I can manually get an access token by using Postman by filling out the form like this:

When I fill out the form, I can get a new token from Lyft successfully.

I'm trying to translate this into a POST request using axios by doing this:

var axios = require('axios');
var data = {
"grant_type": "client_credentials",
"scope": "public",
"client_id": "XXXXXXXXX",
"client_secret": "XXXXXXXX"
};
var url = "https://api.lyft.com/oauth/token";
  return axios.post(url, data)
    .then(function(response){
        console.log(response.data)
    })
    .catch(function (error) {
      console.log(error);
    });

When I run the script, I get this error:

{ error_description: 'Unauthorized', error: 'invalid_client' }

What am I missing from my axios request? Any help would be appreciated!

It appears that you have posted sensitive/private information. Please reset your passwords and/or revoke API keys and tokens. You can also edit out the info and flag your post for a moderator to redact the edit history. — Samuel Liew, Sep 24 '18 at 09:21

score 12 · Accepted Answer · answered Jan 18 '17 at 12:50

12

According to the docs from Lyft (https://developer.lyft.com/docs/authentication), you need to use HTTP Basic auth.

var axios = require("axios");

axios.request({
  url: "/oauth/token",
  method: "post",
  baseURL: "https://api.lyft.com/",
  auth: {
    username: "vaf7vX0LpsL5",
    password: "pVEosNa5TuK2x7UBG_ZlONonDsgJc3L1"
  },
  data: {
    "grant_type": "client_credentials",
    "scope": "public"    
  }
}).then(function(res) {
  console.log(res);  
});

Happy coding :)

!IMPORTANT THING!
I strongly recommend you to change your secret_id and client_secret asap, because they are not the things to be public, if you use them for an important project or something like that.

answered Jan 18 '17 at 12:50

IzumiSy

1,508
9
17

1

Thanks it worked! Also, I just refreshed the credentials, thanks for the security tip – Mike Jan 18 '17 at 12:58
Although Axios is great for API access, using your client ID and secret in Javascript is not secure, as code is visible to public. I'm also searching for this issue ... to use oAuth credentials in browser or Cordova apps. – Rajendra May 31 '18 at 03:14
this answer is missing content type. – Akhil Ghatiki Jul 08 '21 at 09:43

score 8 · Answer 2 · answered Jun 04 '19 at 06:01

8

I have solved my problem with this code.

var reqData = "grant_type=password&username=test&password=asd";
         Axios({
    method: 'post',
    url: 'http://localhost:60439/token',
        data: (reqData),   

    headers: { 
      "Content-Type": "application/x-www-form-urlencoded",
    }
  }).then((response) =>{
            console.log(response)
        }).catch((error) =>{
            console.log(error);
        })

answered Jun 04 '19 at 06:01

DKR

5,426
1
19
21

Yes, and don't make the mistake I made. The following config is incorrect. data: { 'grant_type': 'client_credentials' } You must use the grant_type=credentials format. – technoY2K Aug 18 '19 at 21:06

score 1 · Answer 3 · answered Apr 04 '20 at 18:47

const axios = require("axios");
const qs = require("qs");

const url = "URL";

const data = {
  grant_type: "client_credentials",
};

const auth = {
  username: "Client ID",
  password: "Client Secret",
};

const options = {
  method: "post",
  headers: {
    "Content-Type": "application/x-www-form-urlencoded",
  },
  data: qs.stringify(data),
  auth: auth,
  url,
};

  axios(options)
 .then((response) => {
      console.log(response.data.access_token);
  })
 .catch((err) => {
      console.log(err);
  });

score 0 · Answer 4 · answered Sep 11 '18 at 17:37

The Best solution was source using the following way. The client sends a POST request with following body parameters to the authorization server

grant_type with the value client_credentials
client_id with the the client’s ID
client_secret with the client’s secret

scope with a space-delimited list of requested scope permissions.

    axios.post('https://exmaple.com/oauth/token',
    'grant_type=client_credentials&scope=all&client_id=1&client_secret=bb'
    )
    .then(function(res) {
       console.log(res);  
    })
    .catch(error => {
       console.log(error)
    })

score 0 · Answer 5 · edited Sep 29 '21 at 22:24

The following works. I got it by reading the above comments. The trick was the data field. To be clear use - data: "grant_type=client_credentials"

Example:

const axios = require("axios");
axios.request({ 
    headers:{'Content-Type': 'application/x-www-form-urlencoded'},
    url: "/oauth2/token",
    method: "post",
    baseURL: "https://<ServerFQDN>/", 
    data: "grant_type=client_credentials", 
    auth: {
        username: "<username>",
        password: "<password>"
    }
});

Getting access token with axios

5 Answers5