AnsweredAssumed Answered

OAuth2.0 with data passed in body of POST

Question asked by birjo05 Employee on Nov 25, 2016
Latest reply on Nov 28, 2016 by dasjo02

Hi All,

 

I'm struggling with setting up an oauth2.0 example in the gateway. The basic demo is to get the name of an account on Reddit using OAuth2.0.

 

I've got my application registered with Reddit, the initial browser redirect (302), authorization in Reddit and the call back with a code all working fine.

 

Where I'm stuck is attempting to submit the code in order to obtain the access token.

 

I started by trying to use the "Retrieve OAuth 2.0 Token - Authorization Code" assertion as it appears to be how this is done for the facebook/google example.

This assertion doesn't seem to be able to pass parameters such as client_id, grant_type and redirect_uri in the body.

In any case it fails and I don't know why or even if it is to be used for the callback. It does work for the initial browser redirect in that it correctly generates the "oauth.auth_req_url" variable in that case.

 

I then attempted to use the "Route via HTTP(s)" assertion and set the POSTed data manually. This fails as the assertion doesn't pass the data that is set in the HTTP->Customize Request Form POST Parameters dialog (I have verified this separately).

I then attempted to copy the "request" message to a separate message variable "request_copy", customise the 'mainpart' of that variable and then send that using "request_copy" as the Request Source. This also fails and sends the data from the original request.

 

Am I going about this the wrong way?

Is there any way of sending a custom POST message?

 

For reference, here is an example of interacting with Reddit's OAuth API using Python that I have been following:

OAuth2 Python Example · reddit/reddit Wiki · GitHub 

 

Thanks,
John

Outcomes