I am trying to establish a connection with the Exact Online API and am following the steps listed at the Exact Online community page: https://support.exactonline.com/community/s/knowledge-base#All-All-DNO-Task-oauth-eol-oauth-dev-oauth2tut.

I managed to complete Step 1 and Step 2. That is, I am receiving the authorization code as listed in the example: "Actual response: https://www.mycompany.com/myapplication?code=XTzM!IAAAACbPTzQJXwFhM..."

I have to use this code in Step 3, but I cannot seem to get it working. I use all the listed parameters but the response I get is:

```
Response [https://start.exactonline.nl/api/oauth2/token]
Date: 2018-04-14 10:58
Status: 400
Content-Type: text/html
Size: 11 B
```

I have no idea what I am doing wrong. The code I use for Step 3 is:

```r
url <- "https://start.exactonline.nl/api/oauth2/token"
POST(url, add_headers("Content-type" = "application/x-www-form-urlencoded"),
    body = list(code="[CODE_FROM_STEP_2]",
        redirect_uri="[MY_WEBSITE_URI]", client_id="[MY_CLIENT_ID]",
        client_secret="[MY_CLIENT_SECRET]", grant_type="authorization_code"))
```

If anyone can help me out with this I will be very grateful! Thanks.

EDIT: using verbose() in the POST call, the Status: 400 error is stated as HTTP/1.1 400 Bad Request.

Stan
  • You will need to exchange the code for a refresh token as far as I know. The process is described in the documentation on https://cloud.invantive.com, but you should execute the steps on a trusted device of your own since that site is only intended for Invantive users. Please note, though it may already be known, that with the upcoming required 2FA for all users, a token allows you to access Exact Online without 2FA on every connect. – Guido Leenders Apr 14 '18 at 10:45
  • I basically do the things listed in that documentation. I have to log in to Exact Online in the browser, and when I do I get redirected to the redirect URI. The URL has a code in it like this: http://example.com/?code=pTvE%21IAAAAAdXxoeXk46U........ So I use the code in that URL in my POST code, but it keeps giving me the same response (Error status 400). – Stan Apr 14 '18 at 12:34
  • See step 2 in https://auth0.com/docs/api-auth/tutorials/authorization-code-grant, or on the cloud.invantive.com website check the different redirect URI checkbox. There is an additional step in the code grant flow. – Guido Leenders Apr 14 '18 at 12:43
  • When you need the data only for temporary use, you can also use a URL on data-access-point.com with user name/password, the SQL query and desired output format like Sjon. – Guido Leenders Apr 14 '18 at 12:54
  • I read auth0.com/docs/api-auth/tutorials/authorization-code-grant but still have no clue on why my code does not work. – Stan Apr 14 '18 at 13:05
  • This often has to do with a small change in the redirect URI. I guess the redirect URIs used are not entirely the same. Please let us know the exact URIs you are using (you can change the domain name if you want to, but nothing else please). – Patrick Hofman Apr 14 '18 at 13:10
  • Ok, so the redirect URI I entered in the API key is: `http://sfmt.nl/`. Then I make a call to get the authorization code with `https://start.exactonline.nl/api/oauth2/auth?client_id=[CLIENT_ID]&redirect_uri=http%3A%2F%2Fsfmt.nl%2F&response_type=code&force_login=0`. This takes me to the login page; after logging in I get redirected to the correct redirect URI with the URL `http://sfmt.nl/?code=pTvE%21IAAA...` so I successfully obtain the authorization code. Next up is the POST call that won't work. I enter `redirect_uri = http://sfmt.nl/`. As far as I can see the redirect URI should match. – Stan Apr 14 '18 at 13:22
  • @PatrickHofman would it be handy to add a “show me the flow executed” to the preauthenticate public tool? Maybe using a test app so people get better insight into how OAuth code flow works. Let’s talk Monday – Guido Leenders Apr 14 '18 at 13:34

1 Answer

For anyone interested, I resolved this problem by using Postman to obtain the first access and refresh tokens. I then use the refresh token to obtain new access and refresh tokens using the following code:

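```r
library(httr)
library(jsonlite)

# url is the token endpoint from the question; the {...} values are your own
a <- POST(url,
      body = list(refresh_token = {refresh_token},
                  grant_type = "refresh_token", client_id = {client_id},
                  client_secret = {client_secret}),
      encode = "form")  # send the body as application/x-www-form-urlencoded
a.df <- as.data.frame(fromJSON(content(a, as = "text", encoding = "UTF-8")))
```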

This will get you an access token, token type, expiring time and refresh token in a dataframe.

Stan
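
The Step 3 exchange from the question, written with the same `encode = "form"` setting the answer uses for the refresh call. This is an added example, not code from the original posts or from Exact Online's documentation. The helper names, the `EXACT_CLIENT_ID` / `EXACT_CLIENT_SECRET` environment variables and the sample redirect URL are constructed for illustration.

```r
library(httr)

token_url <- "https://start.exactonline.nl/api/oauth2/token"  # endpoint from the question

# Pull the code parameter out of the redirect URL and URL-decode it
# (the address bar shows "%21" where the code itself contains "!").
extract_code <- function(redirect_url) {
  parts <- strsplit(sub("^[^?]*\\?", "", redirect_url), "&", fixed = TRUE)[[1]]
  keys  <- sub("=.*$", "", parts)
  vals  <- sub("^[^=]*=?", "", parts)
  code  <- vals[keys == "code"]
  if (length(code) != 1) stop("expected exactly one 'code' parameter")
  utils::URLdecode(code)
}

# Build the form fields for grant_type = authorization_code.
build_token_body <- function(redirect_url, registered_uri, client_id, client_secret) {
  # redirect_uri must be the same string that was registered and sent to /auth;
  # a missing trailing slash or a different scheme makes it a different URI.
  landed_on <- sub("\\?.*$", "", redirect_url)
  if (!identical(landed_on, registered_uri)) {
    stop("redirect URI mismatch: ", landed_on, " vs ", registered_uri)
  }
  list(code = extract_code(redirect_url), redirect_uri = registered_uri,
       client_id = client_id, client_secret = client_secret,
       grant_type = "authorization_code")
}

# encode = "form" makes httr send application/x-www-form-urlencoded and do the
# percent-encoding itself; without it a list body goes out as multipart/form-data.
exchange_code <- function(body) {
  resp <- POST(token_url, body = body, encode = "form")
  stop_for_status(resp)
  content(resp, as = "parsed", type = "application/json")
}

# Constructed sample input; nothing is sent over the network by these lines.
body <- build_token_body(
  redirect_url   = "http://example.com/?code=AbCd%21EXAMPLEcode",
  registered_uri = "http://example.com/",
  client_id      = Sys.getenv("EXACT_CLIENT_ID"),      # assumed variable names;
  client_secret  = Sys.getenv("EXACT_CLIENT_SECRET"))  # keeps the secret out of the script
print(body$code)
# tokens <- exchange_code(body)  # needs a fresh code from a real login
```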