AnsweredAssumed Answered

OAuth2.0 with data passed in body of POST

Question asked by birjo05 Employee on Nov 25, 2016
Latest reply on Nov 28, 2016 by dasjo02
  • Comment4

Hi All,

 

I'm struggling with setting up an oauth2.0 example in the gateway. The basic demo is to get the name of an account on Reddit using OAuth2.0.

 

I've got my application registered with Reddit, the initial browser redirect (302), authorization in Reddit and the call back with a code all working fine.

 

Where I'm stuck is attempting to submit the code in order to obtain the access token.

 

I started by trying to use the "Retrieve OAuth 2.0 Token - Authorization Code" assertion as it appears to be how this is done for the facebook/google example.

This assertion doesn't seem to be able to pass parameters such as client_id, grant_type and redirect_uri in the body.

In any case it fails and I don't know why or even if it is to be used for the callback. It does work for the initial browser redirect in that it correctly generates the "oauth.auth_req_url" variable in that case.

 

I then attempted to use the "Route via HTTP(s)" assertion and set the POSTed data manually. This fails as the assertion doesn't pass the data that is set in the HTTP->Customize Request Form POST Parameters dialog (I have verified this separately).

I then attempted to copy the "request" message to a separate message variable "request_copy", customise the 'mainpart' of that variable and then send that using "request_copy" as the Request Source. This also fails and sends the data from the original request.

 

Am I going about this the wrong way?

Is there any way of sending a custom POST message?

 

For reference, here is an example of interacting with Reddit's OAuth API using Python that I have been following:

OAuth2 Python Example · reddit/reddit Wiki · GitHub 

 

Thanks,
John

dasjo02
dasjo02 Employee Nov 28, 2016 9:48 PM
Correct Answer

Hi John,

 

With regards to POSTING the form data in a route assertion, you can do the following to exchange the code for a token:

 

1. Create a context variable of type message, content-type: application/x-www-form-urlencoded and the below form data replacing these values with your own:

 

code=9eb97423-e007-4f6c-b0d8-855191a2371a&grant_type=authorization_code&client_id=asdfasd837-dasdfa-4dfb-81fe-44cb82e13bc2&client_secret=44gsfg3-07ec-4asdf1-8533-738add343d6&redirect_uri=http://server.com/callback.html

 

2. In the Route assertion properties, change the HTTP method to POST and REQUEST SOURCE to the variable you created above

 

 

If you still run into issues it may be worth opening a ticket so we can review further. I have a working sample of the Retrieve OAuth 2.0 Token assertion I can provide as well, but would need some tweaking to fit your environment.

 

Regards,

Joe

See the reply in context
No one else had this question

Outcomes