Has the auth process changed?


#1

Hi!

I’ve not updated mobileAgent for a while, but quite a few people are still using and buying it (shocking, I know :) )

I’ve had some reports from new users saying they can’t do the OAuth steps - it redirects back to my app from the webform, but it can’t do the next steps.

Has something (aside from the UI - love the cat) changed recently? Existing users with tokens appear to be fine.

Looking at my logs, I’m getting:

20161012/162849: Exception in ProcessCallbackUrl: ma://localhost/oauth/?code=1HcbzVQxxxxxxxxxxxsQ7hPPrLEPcqO2t&state=foo
20161012/162849: Exception: [FreeAgentException: StatusCode=BadRequest, Response=RestSharp.RestResponse`1[FreeAgent.AccessToken], Content={"error":"invalid_grant"}]
  at FreeAgent.FreeAgentClient.GetAccessToken (System.String code, System.String redirectUri) <0x1008b3e8c + 0x00063> in <filename unknown>:0 

The exception would be from the call to get an access token, which looks like:

POST to /token_endpoint
code: the code I got back
grant_type: "authorization_code"
client_id: my id
client_secret: my secret
redirect_uri: the url

Thanks

Nic


#2

I created a little app to bulk upload expenses, invoices and bank transactions via Excel.

Last week, when I was uploading, it stopped getting the token from the refresh token. Please note that the refresh token was hardcoded and was used to get a new token every time the app started executing.

When I debugged the code I found that there was a change in the OAuth code. Previously, when you posted an HTTP request, the response status used to be received via a “Status” header item. So my code used to read the Status header value and match this with “200 OK” or “201 CREATED”.

Last week this header item was missing from the header values. When I looked at the response object itself I found that I could read the status from the StatusCode property of the HttpWebResponse object. I don’t know whether this property was always set or they changed recently to set this property and remove the header item “Status”. But for sure the header item “Status” is now removed, causing my code to break.

Once I changed the code in C# FROM

if (resp.Headers["Status"].ToUpper() == "201 CREATED")
{
    // the record is created
}

TO

if (((HttpWebResponse)resp).StatusCode == HttpStatusCode.Created)
{
    // the record is created
}

My code started working fine.

Hope this helps
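
Added example, not code from this thread or from FreeAgent: one way a .NET client could act on the token endpoint replies discussed in posts #1 and #2, branching on the numeric status code and the RFC 6749 `error` value rather than on a `Status` header. `TokenOutcome` and `TokenResponseClassifier` are hypothetical names, and the sample inputs are constructed apart from the `invalid_grant` body taken from the log in post #1.

```csharp
using System;
using System.Net;
using System.Text.Json;

public enum TokenOutcome { Success, Reauthorize, FixClientConfig, RetryLater, Unknown }

public static class TokenResponseClassifier   // hypothetical name, not a FreeAgent or RestSharp type
{
    // Decide on the numeric status code plus the RFC 6749 section 5.2 "error" field,
    // never on a textual "Status" header that a server or proxy may omit.
    public static TokenOutcome Classify(HttpStatusCode status, string body)
    {
        int code = (int)status;
        if (code >= 500) return TokenOutcome.RetryLater;
        if (code >= 200 && code < 300)
            return ReadString(body, "access_token") != null ? TokenOutcome.Success : TokenOutcome.Unknown;
        switch (ReadString(body, "error"))
        {
            case "invalid_grant": return TokenOutcome.Reauthorize;   // grant expired, revoked, reused, or redirect_uri mismatch
            case "invalid_client":                                   // client authentication failed
            case "unauthorized_client": return TokenOutcome.FixClientConfig;
            default: return TokenOutcome.Unknown;
        }
    }

    // Returns the named top-level string property, or null when the body is not such JSON.
    static string ReadString(string body, string name)
    {
        if (string.IsNullOrWhiteSpace(body)) return null;
        try
        {
            using JsonDocument doc = JsonDocument.Parse(body);
            JsonElement root = doc.RootElement;
            if (root.ValueKind == JsonValueKind.Object
                && root.TryGetProperty(name, out JsonElement value)
                && value.ValueKind == JsonValueKind.String)
                return value.GetString();
            return null;
        }
        catch (JsonException) { return null; }   // HTML error page, truncated body, etc.
    }

    public static void Main()
    {
        // Constructed inputs; the first body is the one from the log in post #1.
        Console.WriteLine(Classify(HttpStatusCode.BadRequest, "{\"error\":\"invalid_grant\"}"));
        Console.WriteLine(Classify(HttpStatusCode.OK, "{\"access_token\":\"constructed-token\"}"));
        Console.WriteLine(Classify(HttpStatusCode.BadGateway, "<html>upstream error</html>"));
    }
}
```

An `invalid_grant` outcome means the stored code or refresh token should be discarded and the user sent through authorisation again; retrying the same grant will keep failing.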


#3

Hi Nic,

Sorry about that. We did some refactoring of our auth code a short while back and it looks like we introduced an unintentional behaviour change. We’ve now fixed this and added regression tests so we don’t make the same mistake again in the future.

I’ve confirmed that this change has resolved your users’ problem as I can now successfully authorise MobileAgent against my FreeAgent account.

Apologies for any problems you’ve had from this.
Paul.


#4

Hi Pankaj,

That sounds like a different problem to me.

To the best of my knowledge we’ve not changed the response headers, but I’m glad to hear you’ve found a better way to implement this check (comparing a constant response code rather than an arbitrary string).

Feel free to post on here in future if you think our API behaviour has changed unexpectedly and we can look into it.

Cheers,
Paul


#5

Thanks Paul - that’s fixed it. And thanks for the quick response, very much appreciated!

Cheers

Nic