Grant_type=password

Hi,

Is grant_type=password supported for the FreeAgent OAuth 2.0
implementation?

The docs, https://dev.freeagent.com/docs/oauth, say “The FreeAgent API
implements OAuth 2.0 Draft 22http://tools.ietf.org/html/draft-ietf-oauth-v2-22
and Oauth 2.0 Draft
22, http://tools.ietf.org/html/draft-ietf-oauth-v2-22#section-4, says “OAuth
defines four grant types: authorization code, implicit, resource owner
password credentials, and client credentials.”.

When I attempt to use grant_type=password corresponding to the “resource owner
password credentials” with https://api.freeagent.com/v2/token_endpoint I
get {“error”:“unsupported_grant_type”}

Is this expected? How do i use “resource owner password credentials” as a
grant type with FreeAgent?

Regards,
Mark

Hi Mark,

I saw your support ticket but thought I’d reply on the mailing list for the
benefit of others.

All FreeAgent accounts, including accounts co-branded with IRIS or
accountancy practices are able to use API v2. I’d encourage you to have
another look at: https://dev.freeagent.com/docs/quick_start. The
instructions there use the FreeAgent Sandbox Server for which you can
create a temporary account at https://signup.sandbox.freeagent.com/signup.

To use your main FreeAgent account credentials, change the references to
api.sandbox.freeagent.com in the instructions to api.freeagent.com.

Kind regards,

GraemeOn 3 February 2014 19:55, Mark Blackman polardog@gmail.com wrote:

Thanks for the quick response. I feared it might be that FreeAgent left
out the “resource owner password credentials” grant type. You might
consider spelling that out on the ‘oath’ page.

As you’ve probably guessed, I’m implemented a custom non-web client
application that runs from the command line only and it designed to work
exclusively with my account. I tried the “Playground” but my FreeAgent
account credentials didn’t seem to help. I’m guessing this is a result of
my accountant being the ultimate owner of the account through his reseller
deal. I have direct FreeAgent account details, but they only refer to a
trial account, the main user login is associated with this reseller
account, but I don’t think I have enough privilege to authorise my client
application.

I’ve queried support with my options and I’ll try the “Playground” route
again, but I suspect I might represent a bit of an edge case for the v2 API.

On Monday, February 3, 2014 9:28:11 AM UTC, Graeme Boyd wrote:

Hi Mark,

We only implement the “authorization code” grant type. The password grant
type is not appropriate for FreeAgent as it would mean that our users would
have to share their login credentials with third party app developers and
wouldn’t be able to easily revoke access.

If you just want to access a single account and don’t want to implement
the OAuth flow, then I suggest using the Google OAuth 2.0 Playground:
https://dev.freeagent.com/docs/quick_start to retrieve an access and
refresh token. Your app can then use the access token with FreeAgent.
When the access token expires, use the refresh token to get a new access
token.

Kind regards,

Graeme

On 3 February 2014 00:04, Mark Blackman pola...@gmail.com wrote:

Hi,

Is grant_type=password supported for the FreeAgent OAuth 2.0
implementation?

The docs, https://dev.freeagent.com/docs/oauth, say “The FreeAgent API
implements OAuth 2.0 Draft 22http://tools.ietf.org/html/draft-ietf-oauth-v2-22
and Oauth 2.0 Draft 22, http://tools.ietf.org/
html/draft-ietf-oauth-v2-22#section-4, says “OAuth defines four grant
types: authorization code, implicit, resource owner password
credentials, and client credentials.”.

When I attempt to use grant_type=password corresponding to the “resource owner
password credentials” with https://api.freeagent.com/v2/token_endpoint I
get {“error”:“unsupported_grant_type”}

Is this expected? How do i use “resource owner password credentials” as
a grant type with FreeAgent?

Regards,
Mark


You received this message because you are subscribed to the Google
Groups “FreeAgent API” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to freeagent_ap...@googlegroups.com.
To post to this group, send email to freeag...@googlegroups.com.

Visit this group at http://groups.google.com/group/freeagent_api.
For more options, visit https://groups.google.com/groups/opt_out.


Graeme Boyd
Engineering Manager

Web. freeagent.com http://www.freeagent.com/ Blog. freeagent.com/blog
Twitter. @freeagent https://twitter.com/#!/freeagent Facebook.
facebook.com/freeagentapp

40 Torphichen Street, Edinburgh, EH3 8JB
FreeAgent Central Ltd. Registered in sunny Scotland SC316774


You received this message because you are subscribed to the Google Groups
“FreeAgent API” group.
To unsubscribe from this group and stop receiving emails from it, send an
email to freeagent_api+unsubscribe@googlegroups.com.
To post to this group, send email to freeagent_api@googlegroups.com.
Visit this group at http://groups.google.com/group/freeagent_api.
For more options, visit https://groups.google.com/groups/opt_out.

Graeme Boyd
Engineering Manager

Web. freeagent.com http://www.freeagent.com/ Blog. freeagent.com/blog
Twitter. @freeagent https://twitter.com/#!/freeagent Facebook.
facebook.com/freeagentapp

40 Torphichen Street, Edinburgh, EH3 8JB
FreeAgent Central Ltd. Registered in sunny Scotland SC316774

Thanks for confirming, I did get the OAuth playground to deliver the
access and refresh tokens, but it felt like I had to do a lot of reading
between the lines and educated guesses.

a) That Google page with all the Google services suggests you need to use a
legitimate scope, but I put in an arbitrary scope URL in the custom field
and that was fine.
b) The App Developer page refers to an ‘OAuth identifier’ but everything
else seems to refer to a ‘client id’.
c) While the instructions do refer to the ‘cog’ icon, I still think it’s a
poor UI not to expose those elements in the initial “playground” page.
d) I originally thought I would need a google/gmail login just to use the
OAuth playground, but that ultimately turned out not to be necessary
(although posting here requires one).

As you suggested, my account was adequate for getting a token, although I
originally suspected I wasn’t the resource owner, thinking the accountant
was the resource owner.

Thanks for the timely and helpful responses.On Tuesday, February 4, 2014 9:26:38 AM UTC, Graeme Boyd wrote:

Hi Mark,

I saw your support ticket but thought I’d reply on the mailing list for
the benefit of others.

All FreeAgent accounts, including accounts co-branded with IRIS or
accountancy practices are able to use API v2. I’d encourage you to have
another look at: https://dev.freeagent.com/docs/quick_start. The
instructions there use the FreeAgent Sandbox Server for which you can
create a temporary account at https://signup.sandbox.freeagent.com/signup.

To use your main FreeAgent account credentials, change the references to
api.sandbox.freeagent.com in the instructions to api.freeagent.com.

Kind regards,

Graeme

On 3 February 2014 19:55, Mark Blackman <pola...@gmail.com <javascript:>>wrote:

Thanks for the quick response. I feared it might be that FreeAgent left
out the “resource owner password credentials” grant type. You might
consider spelling that out on the ‘oath’ page.

As you’ve probably guessed, I’m implemented a custom non-web client
application that runs from the command line only and it designed to work
exclusively with my account. I tried the “Playground” but my FreeAgent
account credentials didn’t seem to help. I’m guessing this is a result of
my accountant being the ultimate owner of the account through his reseller
deal. I have direct FreeAgent account details, but they only refer to a
trial account, the main user login is associated with this reseller
account, but I don’t think I have enough privilege to authorise my client
application.

I’ve queried support with my options and I’ll try the “Playground” route
again, but I suspect I might represent a bit of an edge case for the v2 API.

On Monday, February 3, 2014 9:28:11 AM UTC, Graeme Boyd wrote:

Hi Mark,

We only implement the “authorization code” grant type. The password
grant type is not appropriate for FreeAgent as it would mean that our users
would have to share their login credentials with third party app developers
and wouldn’t be able to easily revoke access.

If you just want to access a single account and don’t want to implement
the OAuth flow, then I suggest using the Google OAuth 2.0 Playground:
https://dev.freeagent.com/docs/quick_start to retrieve an access and
refresh token. Your app can then use the access token with FreeAgent.
When the access token expires, use the refresh token to get a new access
token.

Kind regards,

Graeme

On 3 February 2014 00:04, Mark Blackman pola...@gmail.com wrote:

Hi,

Is grant_type=password supported for the FreeAgent OAuth 2.0
implementation?

The docs, https://dev.freeagent.com/docs/oauth, say “The FreeAgent API
implements OAuth 2.0 Draft 22http://tools.ietf.org/html/draft-ietf-oauth-v2-22
and Oauth 2.0 Draft 22, http://tools.ietf.org/
html/draft-ietf-oauth-v2-22#section-4, says “OAuth defines four grant
types: authorization code, implicit, resource owner password
credentials, and client credentials.”.

When I attempt to use grant_type=password corresponding to the "
resource owner password credentials" with https://api.freeagent.
com/v2/token_endpoint I get {“error”:“unsupported_grant_type”}

Is this expected? How do i use “resource owner password credentials” as
a grant type with FreeAgent?

Regards,
Mark


You received this message because you are subscribed to the Google
Groups “FreeAgent API” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to freeagent_ap...@googlegroups.com.
To post to this group, send email to freeag...@googlegroups.com.

Visit this group at http://groups.google.com/group/freeagent_api.
For more options, visit https://groups.google.com/groups/opt_out.


Graeme Boyd
Engineering Manager

Web. freeagent.com http://www.freeagent.com/ Blog.
freeagent.com/blog
Twitter. @freeagent https://twitter.com/#!/freeagent Facebook.
facebook.com/freeagentapp

40 Torphichen Street, Edinburgh, EH3 8JB
FreeAgent Central Ltd. Registered in sunny Scotland SC316774


You received this message because you are subscribed to the Google Groups
“FreeAgent API” group.
To unsubscribe from this group and stop receiving emails from it, send an
email to freeagent_ap...@googlegroups.com <javascript:>.
To post to this group, send email to freeag...@googlegroups.com<javascript:>
.
Visit this group at http://groups.google.com/group/freeagent_api.
For more options, visit https://groups.google.com/groups/opt_out.


Graeme Boyd
Engineering Manager

Web. freeagent.com http://www.freeagent.com/ Blog. freeagent.com/blog
Twitter. @freeagent https://twitter.com/#!/freeagent Facebook.
facebook.com/freeagentapp

40 Torphichen Street, Edinburgh, EH3 8JB
FreeAgent Central Ltd. Registered in sunny Scotland SC316774

Hi Mark,

We only implement the “authorization code” grant type. The password grant
type is not appropriate for FreeAgent as it would mean that our users would
have to share their login credentials with third party app developers and
wouldn’t be able to easily revoke access.

If you just want to access a single account and don’t want to implement the
OAuth flow, then I suggest using the Google OAuth 2.0 Playground:
https://dev.freeagent.com/docs/quick_start to retrieve an access and
refresh token. Your app can then use the access token with FreeAgent.
When the access token expires, use the refresh token to get a new access
token.

Kind regards,

GraemeOn 3 February 2014 00:04, Mark Blackman polardog@gmail.com wrote:

Hi,

Is grant_type=password supported for the FreeAgent OAuth 2.0
implementation?

The docs, https://dev.freeagent.com/docs/oauth, say “The FreeAgent API
implements OAuth 2.0 Draft 22http://tools.ietf.org/html/draft-ietf-oauth-v2-22
and Oauth 2.0 Draft 22,
http://tools.ietf.org/html/draft-ietf-oauth-v2-22#section-4, says “OAuth
defines four grant types: authorization code, implicit, resource owner
password credentials, and client credentials.”.

When I attempt to use grant_type=password corresponding to the “resource owner
password credentials” with https://api.freeagent.com/v2/token_endpoint I
get {“error”:“unsupported_grant_type”}

Is this expected? How do i use “resource owner password credentials” as a
grant type with FreeAgent?

Regards,
Mark


You received this message because you are subscribed to the Google Groups
“FreeAgent API” group.
To unsubscribe from this group and stop receiving emails from it, send an
email to freeagent_api+unsubscribe@googlegroups.com.
To post to this group, send email to freeagent_api@googlegroups.com.
Visit this group at http://groups.google.com/group/freeagent_api.
For more options, visit https://groups.google.com/groups/opt_out.

Graeme Boyd
Engineering Manager

Web. freeagent.com http://www.freeagent.com/ Blog. freeagent.com/blog
Twitter. @freeagent https://twitter.com/#!/freeagent Facebook.
facebook.com/freeagentapp

40 Torphichen Street, Edinburgh, EH3 8JB
FreeAgent Central Ltd. Registered in sunny Scotland SC316774

Thanks for the quick response. I feared it might be that FreeAgent left out
the “resource owner password credentials” grant type. You might consider
spelling that out on the ‘oath’ page.

As you’ve probably guessed, I’m implemented a custom non-web client
application that runs from the command line only and it designed to work
exclusively with my account. I tried the “Playground” but my FreeAgent
account credentials didn’t seem to help. I’m guessing this is a result of
my accountant being the ultimate owner of the account through his reseller
deal. I have direct FreeAgent account details, but they only refer to a
trial account, the main user login is associated with this reseller
account, but I don’t think I have enough privilege to authorise my client
application.

I’ve queried support with my options and I’ll try the “Playground” route
again, but I suspect I might represent a bit of an edge case for the v2 API.On Monday, February 3, 2014 9:28:11 AM UTC, Graeme Boyd wrote:

Hi Mark,

We only implement the “authorization code” grant type. The password grant
type is not appropriate for FreeAgent as it would mean that our users would
have to share their login credentials with third party app developers and
wouldn’t be able to easily revoke access.

If you just want to access a single account and don’t want to implement
the OAuth flow, then I suggest using the Google OAuth 2.0 Playground:
https://dev.freeagent.com/docs/quick_start to retrieve an access and
refresh token. Your app can then use the access token with FreeAgent.
When the access token expires, use the refresh token to get a new access
token.

Kind regards,

Graeme

On 3 February 2014 00:04, Mark Blackman <pola...@gmail.com <javascript:>>wrote:

Hi,

Is grant_type=password supported for the FreeAgent OAuth 2.0
implementation?

The docs, https://dev.freeagent.com/docs/oauth, say “The FreeAgent API
implements OAuth 2.0 Draft 22http://tools.ietf.org/html/draft-ietf-oauth-v2-22
and Oauth 2.0 Draft 22,
http://tools.ietf.org/html/draft-ietf-oauth-v2-22#section-4, says “OAuth
defines four grant types: authorization code, implicit, resource owner
password credentials, and client credentials.”.

When I attempt to use grant_type=password corresponding to the “resource owner
password credentials” with https://api.freeagent.com/v2/token_endpoint I
get {“error”:“unsupported_grant_type”}

Is this expected? How do i use “resource owner password credentials” as a
grant type with FreeAgent?

Regards,
Mark


You received this message because you are subscribed to the Google Groups
“FreeAgent API” group.
To unsubscribe from this group and stop receiving emails from it, send an
email to freeagent_ap...@googlegroups.com <javascript:>.
To post to this group, send email to freeag...@googlegroups.com<javascript:>
.
Visit this group at http://groups.google.com/group/freeagent_api.
For more options, visit https://groups.google.com/groups/opt_out.


Graeme Boyd
Engineering Manager

Web. freeagent.com http://www.freeagent.com/ Blog. freeagent.com/blog
Twitter. @freeagent https://twitter.com/#!/freeagent Facebook.
facebook.com/freeagentapp

40 Torphichen Street, Edinburgh, EH3 8JB
FreeAgent Central Ltd. Registered in sunny Scotland SC316774