Unify Circuit OAuth2 - Why does Body return empty [] from REST API requests?

Question

When I try REST API's with my oauth 2.0's token I keep getting back empty results [] under the body with OK-200 status codes in the headers.

I created a bot and tested the rest API's with curl + basic authentication and also with swagger and they work fine. I tested my curl command using oauth 2.0 with the swagger token and this works fine as well.

I tried different settings to test, but to stick with a basis:

• I created a Bot under custom apps, Scopes are 'All' selected and TTL is 'Forever'.

• I requested and received my token successfully via REST with the following scopes:'READ_USER_PROFILE,WRITE_USER_PROFILE,READ_CONVERSATIONS,WRITE_CONVERSATIONS,READ_USER'.

• I noticed that 'ALL' scope doesn't work, it returns "invalid_client, The Application null is not enabled for scope ::=[ALL]", but the same client works without any of the scopes above mentioned together or on their own except 'ALL'.

• I made sure I had the necessary scopes for the REST APIs I was testing, e.g. 'READ_CONVERSATIONS' for "/conversations"

• I don't receive any 401 or other error codes at all, just 200's.

• I tested the same commands with the token generated by swagger and that one returns the body string with results (in other words, this token works)

• I have replicated this same problems with Postman and PowerShell's Invoke-WebRequest/Invoke-RestMethod.

• Not sure if it's related, but I noticed the "OAuth Apps" options no longer exist in the web app: webclient under "Administration" > "OAuth Apps". "OAuth Apps" tab, enable "OAuth Apps" in "Settings" > "Circuit Labs".

\\Requesting token:
curl -X POST https://circuitsandbox.net/oauth/token -d "client_id=myclientidhere&client_secret=myclientsecrethere&grant_type=client_credentials&scope=READ_USER_PROFILE,WRITE_USER_PROFILE,READ_CONVERSATIONS,WRITE_CONVERSATIONS,READ_USER" -i

{"access_token":"myaccesstokenhere","token_type":"Bearer","scope":["READ_USER_PROFILE","WRITE_USER_PROFILE","READ_CONVERSATIONS","WRITE_CONVERSATIONS","READ_USER"]}

\\Making request:
curl -i "https://circuitsandbox.net/rest/v2/conversations" -H "Authorization: Bearer myaccesstokenhere" -i
[]

\\\Full sample (-i parameter):
\\Requesting token:
curl -X POST https://circuitsandbox.net/oauth/token -d "client_id=myclientidhere&client_secret=myclientsecrethere&grant_type=client_credentials&scope=READ_USER_PROFILE,WRITE_USER_PROFILE,READ_CONVERSATIONS,WRITE_CONVERSATIONS,READ_USER" -i

HTTP/1.1 200 OK
Date: Sat, 22 Jun 2019 01:21:43 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 179
Connection: keep-alive
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, DELETE, PUT, PATCH, OPTIONS
access-control-allow-headers: Accept, Accept-Language, User-Agent, Origin, Connection, Host, Accept-Encoding, Authorization, Content-Type, api_key, apiKey
ETag: W/"b3-K441G+yOERm+Qhj2E8VpkzO8ISg"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=157680000; includeSubdomains; preload

{"access_token":"myaccesstokenhere","token_type":"Bearer","scope":["READ_USER_PROFILE","WRITE_USER_PROFILE","READ_CONVERSATIONS","WRITE_CONVERSATIONS","READ_USER"]}

\\Making request:
curl -i "https://circuitsandbox.net/rest/v2/conversations" -H "Authorization: Bearer myaccesstokenhere"

HTTP/1.1 200 OK
Date: Sat, 22 Jun 2019 01:25:37 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 2
Connection: keep-alive
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, DELETE, PUT, PATCH, OPTIONS
access-control-allow-headers: Accept, Accept-Language, User-Agent, Origin, Connection, Host, Accept-Encoding, Authorization, Content-Type, api_key, apiKey
ETag: W/"2-l9Fw4VUO7kr8CvBlt4zaMCqXZ0w"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=157680000; includeSubdomains; preload

[]

I expect the output to include the body output for the request, e.g.

{"type":"COMMUNITY","convId":"5fad5fa4-1097-d66f-083a-3f129214e99f","participants":["5fad5fa4-1097-d66f-083a-3f129214e99f","5fad5fa4-1097-d66f-083a-3f129214e99f","5fad5fa4-1097-d66f-083a-3f129214e99f","5fad5fa4-1097-d66f-083a-3f129214e99f"],"topic":"YourCompany","creationTime":1560992185888,"modificationTime":1561143383261,"creatorId":"5fad5fa4-1097-d66f-083a-3f129214e99f","creatorTenantId":"5fad5fa4-1097-d66f-083a-3f129214e99f","description":"Default open conversation for YourCompanyHere"}

But the actual output is: [ ]

Answer 1

Just tested that and I get the conversations (and communities) returned.This will not return your conversations, but the conversations the bot is a member of. Make sure the bot is a member of a conversation.

Answer 2

as mentioned in the response above, that was part of what I was missing, I still got blanks back even after adding the bot to the conversation. I also faced all kind of weird problems, e.g. receiving errors when trying to add the old bot to new conversations etc. The reason why is because I was using the same e-mail address for my circuit sandbox account and for the bot, so that probably created conflict. In short, this is what worked for me:

1. Created new bot with a different e-mail address than my sandbox account (even a fake e-mail works)

2. Added bot to the conversation via e-mail address (bot name didn't pull it up) - Thanks @Roger

3. Ran same commands to create token and use API's, this time it succeeded!

Help figuring it out, issue and fix reproed by a colleague in a different sandbox (Thanks Ricky El-Qasem!), tested in postman, curl and PowerShell.