Oauth code flow error

wang11 · July 30, 2019, 8:32pm

I am trying to request access token for my app using oauth code flow. I got client secret by email and followed the doc. However, I always see error in step 4 ‘Application Requests Access Token’:

Here are my steps:

send request:
http://api.nuki.io/oauth/authorize?response_type=code&redirect_uri=http%3A%2F%2Flocalhost&client_id=MY_CLIENT_ID&scope=account%20notification%20smartlock%20smartlock.readOnly%20smartlock.action%20smartlock.auth%20smartlock.config%20smartlock.log
login on nuki and authorize
got the authorization code
request token but failed
https://api.nuki.io/oauth/token?client_id=MY_CLIENT_ID&client_secret=MY_CLIENT_SECRET&grant_type=authorization_code&code=00f091b93d85d44e23fba4a9f22934b02b449790%7C1562612731732&redirect_uri=http%3A%2F%2Flocalhost

The response I got from #4:

{

"code": 401,

"description": "The request requires user authentication",

"homeRef": "/",

"reasonPhrase": "Unauthorized",

"uri": "http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.2"

}

Would you help to check and let me know what is wrong on the request? Or is there something wrong on the server side?

wang11 · August 5, 2019, 8:58pm

I am still having this issue. Anyone Nuki support can help?

Stephan · August 6, 2019, 6:22am

The request looks correct for me. Error 401 would hint to a problem with the authentication though.
As Client ID worked in your first request please recheck client secret and authorization code. I will see if somebody else can take a look at it meanwhile.

notz · August 6, 2019, 7:27am

Hi,

It seems you have posted the output from your web browser. This isn’t the real answer from our server.

But anyway your request is not correct. You have to set a basic authentication header with your client_id (user) + client_secret (password).

cheers,
gernot

wang11 · August 12, 2019, 6:46pm

Thanks for the reply. The output posted is from PostMan not web browser.

I got a different reply after adding a header “Authorization: Basic base64encoded’ClientID:ClientSerect’”

{
“error_description”: “No grant_type parameter found.”,
“error”: “invalid_request”
}

But I do have the grant_type in request:

https://api.nuki.io/oauth/token?client_id=removed&client_secret=removed&grant_type=authorization_code&code=1f81732b122000e6d4da03b70aa75afce83c5b4a|1565634926814&redirect_uri=http%3A%2F%2Flocalhost

notz · August 13, 2019, 7:30am

You should send the parameters in the body.

Content-Type: application/x-www-form-urlencoded

client_id=removed&client_secret=removed&grant_type=authorization_code&code=1f81732b122000e6d4da03b70aa75afce83c5b4a|1565634926814&redirect_uri=http%3A%2F%2Flocalhost

wang11 · August 15, 2019, 12:15am

Yes, it works finally. Thanks for your help. It seems I followed old doc which is not valid anymore.

Stephan · August 16, 2019, 6:07am

@wang11

Good to hear it works for you now. Could you link me to the document where you may have found outdated data so we can check where this might still be available?