I try to get a token from Spotify with Client Credentials Flow. I get in answer status 400 and this error : "invalid_client". I cannot understand where is my mistake.
let oAuthOptions = {
url: 'https://accounts.spotify.com/api/token',
method: 'POST',
headers: {
'Authorization' : 'Basic ' + btoa(CLIENT_ID+':'+CLIENT_SECRET)
},
body: "grant_type=client_credentials",
json : true
};
$.post(oAuthOptions['url'],oAuthOptions,function() {
console.log('get answer');
});
The invalid_client error occurs when you are sending a bad Authorization header (not bad, maybe a bad client_id?)
Recheck your client_id and client_secret (And if they are properly in base64)
It should work.
Related
I am trying to call Shopify's GraphQL API via Google App Script.
I have successfully made the call via Postman using the same body and authentication values and that has been working fine.
However, when calling the API via App Script I keep receiving a 400 response code, with the following error message {"errors":{"query":"Required parameter missing or invalid"}}
Here is the code I am using:
function shopifySync() {
var url = "https://store-name.myshopify.com/admin/api/2021-07/graphql.json";
var payloaddata = `query {orders(first: 20) { edges { node { id } } } }`;
var payload = JSON.stringify(payloaddata);
var password = "api_password"; //Private Shopify App
var response = UrlFetchApp.fetch(url, {
'method': "POST",
'muteHttpExceptions': true,
'headers': { "X-Shopify-Access-Token": password , "Content-Type": "application/json"},
'payload': payload
},
);
Logger.log(response.getContentText());
Logger.log(response.getResponseCode());
}
In Shopify's documentation the 400 HTTP response is classified as "Bad Request" and the explanation is:
The request was not understood by the server, generally due to bad syntax or because the Content-Type header was not correctly set to application/json.
This status is also returned when the request provides an invalid code parameter during the OAuth token exchange process.
Source: https://shopify.dev/api/usage/response-codes
How can I resolve this issue and successfully call Shopify's GraphQL API?
I found the solution in the GraphQL documentation of another Saas company.
The issue was how the payload was formatted
How I tried it:
'payload': payload
How it should be:
'payload': JSON.stringify({'query': payloaddata})
Final code that is working for me with the 2021-07 GraphQL API for Shopify:
var url = "https://store-name.myshopify.com/admin/api/2021-07/graphql.json";
var payloaddata = 'query {orders(first: 20) { edges { node { id } } } }';
var password = "api_password";
var response = UrlFetchApp.fetch(url, {
'method': "POST",
'muteHttpExceptions': true,
'headers': { "X-Shopify-Access-Token": password , "Content-Type": "application/json"},
'payload': JSON.stringify({'query': payloaddata})
});
Sorry for this title but i really need hlp. I don't know why that's not working and i searched a lot.
So I'm working with Spotify Api and I want to access to the Access_Token. The documentation says you have to do like that: Spotify Documentation
And I m requesting like this :
fetch ('https://accounts.spotify.com/api/token', {
method: 'post',
body: {
code: code,
redirect_uri: redirectUri,
grant_type: 'authorization_code'
},
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
Authorization: 'Basic ' + btoa(clientId+':'+clientSecret)
},
json: true
})
But that's answering this:
Error
I checked and error 400 means "Bad Request".
Have u got an idea? Thanks for helping !
Looking at your error, no body was received. You have to send it as a json string:
let body = {
code: code,
redirect_uri: redirectUri,
grant_type: 'authorization_code'
}
fetch ('https://accounts.spotify.com/api/token', {
method: 'post',
body: JSON.stringify(body),
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
Authorization: 'Basic ' + btoa(clientId+':'+clientSecret)
},
json: true
})
I am trying to make a call using JavaScript's Fetch API to generate an OAuth Token but I keep receiving a 400 response code and I'm not sure why. I wrote the key and secret to the console to verify their values, and I made the same API call using cURL (with the response I expected). Is there a small issue in my syntax?
fetch('https://api.petfinder.com/v2/oauth2/token', {
method: 'POST',
body: 'grant_type=client_credentials&client_id=' + key + '&client_secret=' + secret
}).then(r => { response = r.json() });
If the request body is a string, the Content-Type header is set to text/plain;charset=UTF-8 by default. Since you're sending urlencoded data, you have to set the Content-Type header to application/x-www-form-urlencoded.
fetch('https://api.petfinder.com/v2/oauth2/token', {
method: 'POST',
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
},
body: 'grant_type=client_credentials&client_id=' + key + '&client_secret=' + secret
})
As I mentioned in a comment, you shouldn't make the above request from a browser since it exposes the client secret.
Thanks to #Arun's recommendation of adding Content-Type, I am getting the right response now.
Also, for any other JavaScript newbies playing around with the petfinder API, this is the chain that I used to extract the token from the response:
fetch('https://api.petfinder.com/v2/oauth2/token', {
method: 'POST',
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
},
body: 'grant_type=client_credentials&client_id=' + key + '&client_secret=' + secret
}).then(response => response.json().then(data => ({
data: data,
status: response.status})
).then(function(res) {
console.log(res.status, res.data.access_token);
}));
EDIT:
I was reading the documentation wrong. In this world of JSON I didn't notice the request was sending form data. Silly mistake.
It was also the wrong endpoint.
The request should have looked like:
fetch(
'https://api.amazon.com/auth/o2/token/',
{
method: 'POST',
headers:{
'Content-Type': 'application/x-www-form-urlencoded;charset=UTF-8'
},
body:
`?redirect_uri=${redirectUri}` +
`&code=${clientCode}` +
`&client_id=${clientId}` +
`&client_secret=${clientSecret}` +
'&grant_type=authorization_code'
}
)
I'm trying to trade a token obtained with the code flow in cognito's login page, but the request responds with a status 400 "malformed request".
The documentation I am following is: https://developer.amazon.com/docs/login-with-amazon/authorization-code-grant.html#access-token-request
I am using the browser to make the following request:
fetch(
'https://api.amazon.com/auth/o2/token/' +
`?redirect_uri=${encodeURIComponent(redirectUri)}` +
`&code=${encodeURIComponent(clientCode)}` +
`&client_id=${encodeURIComponent(clientId)}` +
`&client_secret=${encodeURIComponent(clientSecret)}` +
'&grant_type=authorization_code',
{
method: 'POST',
headers:{
'Content-Type': 'application/x-www-form-urlencoded;charset=UTF-8'
}
}
)
Which results in the client sending the following request:
POST
https://api.amazon.com/auth/o2/token/?redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Floggedin&code=<code>&client_id=<client_id>o&client_secret=<client_secret>&grant_type=authorization_code
The response:
{
"error_description": "Malformed request",
"error":"invalid_request"
}
I'm trying to receive a token from the Spotify api to allow me to search the api and such for songs and other information.
On my sever application index.js I start by requiring the package:
var request = require('ajax-request');
Later on I go to request my token:
request.post({
method: 'POST',
url: 'https://accounts.spotify.com/api/token',
'Content-Type' : 'application/x-www-form-urlencoded',
header: {
Authorization: 'Basic' + <urlEncodedClientIdAndClientSecret>,
},
data: {
grant_type: 'client_credentials'
}
}, function(err, res, body) {
});
However if I try and console log this it always returns undefined, is there an issue with how I've laid out my post request or is there something else I'm missing?
Oh....I just looked at your request again....are you missing a space after the "Basic"? Try this:
Authorization: 'Basic ' + <urlEncodedClientIdAndClientSecret>,