Issues connecting to OAuth2 API from Node.js/Javascript?

Question

I am trying to connect to the Freshbooks API using OAuth2 and I'm not sure why it is not working. https://www.freshbooks.com/api/authentication

I started using the simple-oauth2 library: https://github.com/lelylan/simple-oauth2 so I created the following in my app.js:

const oauth2 = simpleOauthModule.create({
    client: {
        id: process.env.CLIENT_ID,
        secret: process.env.CLIENT_SECRET,
    },
    auth: {
        tokenHost: 'https://api.freshbooks.com',
        tokenPath: '/auth/oauth/token',
        authorizePath: 'https://my.freshbooks.com/service/auth/integrations/sign_in',
    },
});

//authorization uri definition
const authorizationUri = oauth2.authorizationCode.authorizeURL({
    redirect_uri: 'https://localhost:3000/callback',
    //scope: 
    //state:
});

//initial page redirecting to freshbooks
router.get('/auth', function(req, res) {
    console.log('Inside /auth');
    console.log(authorizationUri);
    res.redirect(authorizationUri);
});

//callback service parsing the aurothization token and asking for access token
router.get('/callback', async (req, res) => {
    console.log('Inside /callback');
    const code = req.query.code;
    const options = {
        code,
    };

    try {
        const result = await oauth2.authorizationCode.getToken(options);
        console.log('The resulting token: ', result);

        return res.status(200).json(token);
    } catch(error) {
        console.error('Access token error', error.message);
        return res.status(500).json('Authentication failed');
    }
});

Now I have a button which when pressed calls the /auth route. This opens up the Freshbooks login page, however, once I enter my credentials and click sign in nothing happens, the form stays open and I receive no response back to my app.

Am I missing something? What should I be expecting to happen? Is this an issue with Freshbooks rather than my code?

Is there a better way to do this rather than using the simple-oauth2 library?

Thanks for the help!

[_"For security reasons, redirect URIs must specify HTTPS as their protocol"_](https://www.freshbooks.com/api/authentication) — Patrick Evans, Jul 14 '18 at 23:25
@PatrickEvans unfortunately, setting the redirect URI to a different webpage I have deployed on Heroku using HTTPS still does not do anything after the sign in page. Any idea what else I can try? — user2573690, Jul 14 '18 at 23:32

Brijesh Patel · Answer 1 · 2018-07-15T04:19:44.937

Are you using localhost in redirect uri? While testing I would suggest to use ngrok to generate live https url. Set the redirect uri with this host and your callback route.

Also authorizePath needs to be relative route rather than the absolute path. Try using code below:

const oauth2 = simpleOauthModule.create({
  client: {
    id: process.env.CLIENT_ID,
    secret: process.env.CLIENT_SECRET,
  },
  auth: {
    tokenHost: 'https://api.freshbooks.com',
    tokenPath: '/auth/oauth/token',
    authorizePath: '/service/auth/integrations/sign_in',
  },
});

//initial page redirecting to freshbooks
router.get('/auth', function(req, res) {
  console.log('Inside /auth');
  const authorizationUri = oauth2.authorizationCode.authorizeURL({
    redirect_uri: 'https://<ngrok_tunnel_id>.ngrok.io/callback'
  });
  console.log(authorizationUri);
  res.redirect(authorizationUri);
});

//callback service parsing the aurothization token and asking for access token
router.get('/callback', async (req, res) => {
  console.log('Inside /callback');
  const code = req.query.code;
  const options = {
    code
  };

  try {
    const result = await oauth2.authorizationCode.getToken(options);
    console.log('The resulting token: ', result);

    return res.status(200).json(token);
  } catch(error) {
    console.error('Access token error', error.message);
    return res.status(500).json('Authentication failed');
  }
});

module.exports = router

Thanks for the help! I have set up a self signed certificate for my localhost so now my app is accessible over https but I am still seeing the same issue. Should I use ngrok over the certificate? Also, for the authorize path unfortunately it is not on the same host, as per their documentation, the authorize path is on https://my.freshbooks.com so I can't use relative path, could this be the issue? — user2573690, Jul 15 '18 at 15:48
I managed to get a bit further along. I updated the redirect URI in the freshbooks admin panel and now after I sign in I get redirected and the authorization code is returned back to my application, now when I use that authorization code to get the token the api returns not found. Even navigating to https://api.freshbooks.com/auth/oauth/token returns resource not found. Is this an issue with their api? — user2573690, Jul 15 '18 at 16:43

Issues connecting to OAuth2 API from Node.js/Javascript?

1 Answers1