OAuth Problems

Colin_Hall · 16 September 2013 18:37

Help!

I’m having problems with the API V2. I have received the authorisation
code, which whenever I try to return with an authorization_code request to
the APi I receive an ‘invalid_grant’ error.

I’m using PHP and the Library recommended on the developer docs - I have
not amended this at all and I have created my own functions based around
the FA Developer docs.

I’ve checked the main credentials (client_id, client_secret and
redirect_uri) and they are all correct. I try it on Google OAuth
Playground and it works, using the same credentials - obviously the
redirect_uri is different which leads me to believe that is the problem.
Although I use the same stored variable and have checked the output and
what I pass into both the authorisation code and authorisation url requests
are identical, so it shouldn’t cause a problem.

I have checked what my POST output is compared to googles playground and I
have all the required fields and the correct id and secret.

Is there anything special about the uri? I’m testing this on my local MAMP
Pro setup so its not over https, this also has a colon in the domain name,
would this cause a problem?

Below are my curl options prior to making the curl request - I have removed
client_id value and client_secret value as I know they are correct and they
also work in the OAuth playground, however I have left the field names in
the post request.

Array ( [19913] => 1 [64] => 1 [10036] => POST [47] => 1 [10015] =>
code=1vpqgJ4YxSkN4o16nc3q0WR8ALjCiyG8NC6pkV9l3&redirect_uri=http%3A%2F%2Fsann%3A8888%2Ffreeagent%2Fauth%2Freturn_auth_code&grant_type=authorization_code&client_id=&client_secret=
[10002] => https://api.sandbox.freeagent.com/v2/token_endpoint [10023] =>
Array ( [0] => Content: application/x-www-form-urlencoded;charset=UTF-8 [1]
=> Accept: application/json [2] => User-Agent: Test App ) )

When changing the request to a basic Authorisation through HTML I receive a
‘HTTP Basic: Access denied’ error.

Any help would be greatly appreciated

Thanks

Colin

T.J_Sheehy · 18 September 2013 11:02

Hi Colin,

Could you try again please, but this time use the redirect_uri "
http://sann:8888/freeagent/auth/return_auth_code/" when calling
/v2/token_endpoint https://api.sandbox.freeagent.com/v2/token_endpoint?

I suspect the /v2/approve_app call might have had a forward slash at the
end of the redirect_uri, while /v2/token_endpoint did not.

Best regards,
T.J.On 18 September 2013 11:19, T.J. Sheehy tj@freeagent.com wrote:

Hi Colin,

Sorry for not getting back to you sooner. I’m looking into this at the
moment.

Regards,
T.J.

On 18 September 2013 10:14, Colin Hall colin@macsi.co.uk wrote:

Anyone?

–
You received this message because you are subscribed to the Google Groups
“FreeAgent API” group.
To unsubscribe from this group and stop receiving emails from it, send an
email to freeagent_api+unsubscribe@googlegroups.com.
To post to this group, send email to freeagent_api@googlegroups.com.
Visit this group at http://groups.google.com/group/freeagent_api.
For more options, visit https://groups.google.com/groups/opt_out.

–
T.J. Sheehy
Senior Software Engineer
FreeAgent
0131 543 3184

Web. freeagent.com http://www.freeagent.com/
Blog. The FreeAgent Blog - FreeAgent
Twitter. @freeagent https://twitter.com/#!/freeagent
Facebook. FreeAgent | Edinburgh

T.J. Sheehy
Senior Software Engineer
FreeAgent
0131 543 3184

Web. freeagent.com http://www.freeagent.com/
Blog. The FreeAgent Blog - FreeAgent
Twitter. @freeagent https://twitter.com/#!/freeagent
Facebook. FreeAgent | Edinburgh

T.J_Sheehy · 18 September 2013 12:32

Hi Colin,

Thanks for the update. It’s good to hear it worked.

Regards,
T.J.On 18 September 2013 13:18, Colin Hall colin@macsi.co.uk wrote:

Thanks T J.

I spotted the problem in my internal script. Basically the script looks
to see if the redirect is to the same domain and if it is it will prepend a
directory separator on the end if one is not present.

So the first problem was it thought this was an internal redirect.

The second was because the URL was encoded the ‘/’ became ‘’%2F’, so as it
thought it was internal it was doing a check for a directory separator,
which is why it made no difference when I was trying various return_uri
values, it did not find the ‘/’ so added one to the end, Obviously in the
CURL request it was not redirecting so wasn’t performing this check and
adding a directory separator.

Its generally something simple!

Thanks for looking into the issue at your end, it helped to figure out the
problem

Colin

On Wednesday, 18 September 2013 12:02:09 UTC+1, T.J. Sheehy wrote:

Hi Colin,

Could you try again please, but this time use the redirect_uri "
http://sann:8888/freeagent/**auth/return_auth_code/http://sann:8888/freeagent/auth/return_auth_code/"
when calling /v2/token_endpointhttps://api.sandbox.freeagent.com/v2/token_endpoint
?

I suspect the /v2/approve_app call might have had a forward slash at the
end of the redirect_uri, while /v2/token_endpoint did not.

Best regards,
T.J.

On 18 September 2013 11:19, T.J. Sheehy t...@freeagent.com wrote:

Hi Colin,

Sorry for not getting back to you sooner. I’m looking into this at the
moment.

Regards,
T.J.

On 18 September 2013 10:14, Colin Hall co...@macsi.co.uk wrote:

Anyone?

–
You received this message because you are subscribed to the Google
Groups “FreeAgent API” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to freeagent_ap…@googlegroups.com.
To post to this group, send email to freeag...@googlegroups.com.

Visit this group at http://groups.google.com/**group/freeagent_api http://groups.google.com/group/freeagent_api
.
For more options, visit https://groups.google.com/**groups/opt_out https://groups.google.com/groups/opt_out
.

–
T.J. Sheehy
Senior Software Engineer
FreeAgent
0131 543 3184

Web. freeagent.com http://www.freeagent.com/
Blog. The FreeAgent Blog - FreeAgent
Twitter. @freeagent https://twitter.com/#!/freeagent
Facebook. Facebook http://facebook.com/freeagentapp

–
T.J. Sheehy
Senior Software Engineer
FreeAgent
0131 543 3184

Web. freeagent.com http://www.freeagent.com/
Blog. The FreeAgent Blog - FreeAgent
Twitter. @freeagent https://twitter.com/#!/freeagent
Facebook. Facebook http://facebook.com/freeagentapp

–
You received this message because you are subscribed to the Google Groups
“FreeAgent API” group.
To unsubscribe from this group and stop receiving emails from it, send an
email to freeagent_api+unsubscribe@googlegroups.com.
To post to this group, send email to freeagent_api@googlegroups.com.
Visit this group at http://groups.google.com/group/freeagent_api.
For more options, visit https://groups.google.com/groups/opt_out.

T.J. Sheehy
Senior Software Engineer
FreeAgent
0131 543 3184

Web. freeagent.com http://www.freeagent.com/
Blog. The FreeAgent Blog - FreeAgent
Twitter. @freeagent https://twitter.com/#!/freeagent
Facebook. FreeAgent | Edinburgh

Colin_Hall · 18 September 2013 12:18

Thanks T J.

I spotted the problem in my internal script. Basically the script looks to
see if the redirect is to the same domain and if it is it will prepend a
directory separator on the end if one is not present.

So the first problem was it thought this was an internal redirect.

The second was because the URL was encoded the ‘/’ became ‘’%2F’, so as it
thought it was internal it was doing a check for a directory separator,
which is why it made no difference when I was trying various return_uri
values, it did not find the ‘/’ so added one to the end, Obviously in the
CURL request it was not redirecting so wasn’t performing this check and
adding a directory separator.

Its generally something simple!

Thanks for looking into the issue at your end, it helped to figure out the
problem

ColinOn Wednesday, 18 September 2013 12:02:09 UTC+1, T.J. Sheehy wrote:

Hi Colin,

Could you try again please, but this time use the redirect_uri "
http://sann:8888/freeagent/auth/return_auth_code/" when calling
/v2/token_endpoint https://api.sandbox.freeagent.com/v2/token_endpoint?

I suspect the /v2/approve_app call might have had a forward slash at the
end of the redirect_uri, while /v2/token_endpoint did not.

Best regards,
T.J.

On 18 September 2013 11:19, T.J. Sheehy <t...@freeagent.com <javascript:>>wrote:

Hi Colin,

Sorry for not getting back to you sooner. I’m looking into this at the
moment.

Regards,
T.J.

On 18 September 2013 10:14, Colin Hall <co...@macsi.co.uk <javascript:>>wrote:

Anyone?

–
You received this message because you are subscribed to the Google
Groups “FreeAgent API” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to freeagent_ap...@googlegroups.com <javascript:>.
To post to this group, send email to freeag...@googlegroups.com<javascript:>
.
Visit this group at http://groups.google.com/group/freeagent_api.
For more options, visit https://groups.google.com/groups/opt_out.

–
T.J. Sheehy
Senior Software Engineer
FreeAgent
0131 543 3184

Web. freeagent.com http://www.freeagent.com/
Blog. The FreeAgent Blog - FreeAgent
Twitter. @freeagent https://twitter.com/#!/freeagent
Facebook. FreeAgent | Edinburgh

–
T.J. Sheehy
Senior Software Engineer
FreeAgent
0131 543 3184

Web. freeagent.com http://www.freeagent.com/
Blog. The FreeAgent Blog - FreeAgent
Twitter. @freeagent https://twitter.com/#!/freeagent
Facebook. FreeAgent | Edinburgh

T.J_Sheehy · 18 September 2013 10:19

Hi Colin,

Sorry for not getting back to you sooner. I’m looking into this at the
moment.

Regards,
T.J.On 18 September 2013 10:14, Colin Hall colin@macsi.co.uk wrote:

Anyone?

–
You received this message because you are subscribed to the Google Groups
“FreeAgent API” group.
To unsubscribe from this group and stop receiving emails from it, send an
email to freeagent_api+unsubscribe@googlegroups.com.
To post to this group, send email to freeagent_api@googlegroups.com.
Visit this group at http://groups.google.com/group/freeagent_api.
For more options, visit https://groups.google.com/groups/opt_out.

T.J. Sheehy
Senior Software Engineer
FreeAgent
0131 543 3184

Web. freeagent.com http://www.freeagent.com/
Blog. The FreeAgent Blog - FreeAgent
Twitter. @freeagent https://twitter.com/#!/freeagent
Facebook. FreeAgent | Edinburgh

Colin_Hall · 18 September 2013 10:52

Thanks TJOn Wednesday, 18 September 2013 11:19:04 UTC+1, T.J. Sheehy wrote:

Hi Colin,

Sorry for not getting back to you sooner. I’m looking into this at the
moment.

Regards,
T.J.

On 18 September 2013 10:14, Colin Hall <co...@macsi.co.uk <javascript:>>wrote:

Anyone?

–
You received this message because you are subscribed to the Google Groups
“FreeAgent API” group.
To unsubscribe from this group and stop receiving emails from it, send an
email to freeagent_ap...@googlegroups.com <javascript:>.
To post to this group, send email to freeag...@googlegroups.com<javascript:>
.
Visit this group at http://groups.google.com/group/freeagent_api.
For more options, visit https://groups.google.com/groups/opt_out.

–
T.J. Sheehy
Senior Software Engineer
FreeAgent
0131 543 3184

Web. freeagent.com http://www.freeagent.com/
Blog. The FreeAgent Blog - FreeAgent
Twitter. @freeagent https://twitter.com/#!/freeagent
Facebook. FreeAgent | Edinburgh

Colin_Hall · 18 September 2013 09:14

Anyone?