OAuth code flow error

I am trying to request an access token for my app using the OAuth code flow. I got the client secret by email and followed the doc. However, I always see an error in step 4 ‘Application Requests Access Token’:

Here are my steps:

  1. send request:
    http://api.nuki.io/oauth/authorize?response_type=code&redirect_uri=http%3A%2F%2Flocalhost&client_id=MY_CLIENT_ID&scope=account%20notification%20smartlock%20smartlock.readOnly%20smartlock.action%20smartlock.auth%20smartlock.config%20smartlock.log

  2. login on nuki and authorize

  3. got the authorization code

  4. request token but failed
    https://api.nuki.io/oauth/token?client_id=MY_CLIENT_ID&client_secret=MY_CLIENT_SECRET&grant_type=authorization_code&code=00f091b93d85d44e23fba4a9f22934b02b449790%7C1562612731732&redirect_uri=http%3A%2F%2Flocalhost

The response I got from #4:

{
  "code": 401,
  "description": "The request requires user authentication",
  "homeRef": "/",
  "reasonPhrase": "Unauthorized",
  "uri": "http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.2"
}

Would you help to check and let me know what is wrong on the request? Or is there something wrong on the server side?

I am still having this issue. Can anyone from Nuki support help?

The request looks correct to me. Error 401 would hint at a problem with the authentication though.
As the Client ID worked in your first request, please recheck the client secret and authorization code. I will see if somebody else can take a look at it meanwhile.

Hi,

It seems you have posted the output from your web browser. This isn’t the real answer from our server.

But anyway your request is not correct. You have to set a basic authentication header with your client_id (user) + client_secret (password).

cheers,
gernot


Thanks for the reply. The output posted is from PostMan not web browser.

I got a different reply after adding a header “Authorization: Basic base64encoded’ClientID:ClientSecret’”

{
  "error_description": "No grant_type parameter found.",
  "error": "invalid_request"
}

But I do have the grant_type in request:

https://api.nuki.io/oauth/token?client_id=removed&client_secret=removed&grant_type=authorization_code&code=1f81732b122000e6d4da03b70aa75afce83c5b4a|1565634926814&redirect_uri=http%3A%2F%2Flocalhost

You should send the parameters in the body.

Content-Type: application/x-www-form-urlencoded

client_id=removed&client_secret=removed&grant_type=authorization_code&code=1f81732b122000e6d4da03b70aa75afce83c5b4a|1565634926814&redirect_uri=http%3A%2F%2Flocalhost
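Added example, not part of the original thread and not Nuki's own code: the token request the replies above describe, built with Python's standard library so the Basic header and the form-encoded body can be inspected before anything is sent. The function names are hypothetical, the sample values are constructed, and the code assumes the authorization code arrives as the standard `code` query parameter on the redirect.

```python
import base64
from urllib.parse import urlencode, urlsplit, parse_qs
from urllib.request import Request

TOKEN_URL = "https://api.nuki.io/oauth/token"  # endpoint as posted in the thread


def code_from_redirect(redirect_url):
    """Pull the authorization code out of the redirect (decodes %7C back to '|')."""
    params = parse_qs(urlsplit(redirect_url).query)
    if "error" in params:
        raise ValueError("authorization failed: " + params["error"][0])
    return params["code"][0]


def build_token_request(client_id, client_secret, code, redirect_uri):
    """Build the POST; nothing is sent until urlopen() is called on it."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    # Same fields as the body posted in the thread; urlencode() escapes '|' and ':'.
    # Keeping them out of the URL also keeps the secret and the code out of
    # proxy logs, server access logs and browser history.
    body = urlencode({
        "client_id": client_id,
        "client_secret": client_secret,
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
    }).encode("ascii")
    return Request(
        TOKEN_URL,
        data=body,
        method="POST",
        headers={
            "Authorization": "Basic " + basic,
            "Content-Type": "application/x-www-form-urlencoded",
        },
    )


if __name__ == "__main__":
    # Constructed sample values, not real credentials or a real code.
    code = code_from_redirect("http://localhost/?code=0123abcd%7C1500000000000")
    req = build_token_request("MY_CLIENT_ID", "MY_CLIENT_SECRET", code, "http://localhost")
    print(req.get_method(), req.full_url)
    print(req.data.decode())
```

Passing the returned object to `urllib.request.urlopen()` sends it.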

Yes, it works finally. Thanks for your help. It seems I followed an old doc which is not valid anymore.

@wang11

Good to hear it works for you now. Could you link me to the document where you may have found outdated data so we can check where this might still be available?