0

Did something change to the API OAuth flow?

When I try to login with my app (dwapi.pritaeas.net), and click "continue" on the authorize page, I get to the Oops page. Haven't used it in a while, but am not aware of any changes I have missed.

6
Contributors
18
Replies
72
Views
3 Years
Discussion Span
Last Post by Dani
Featured Replies
0

I was having trouble just logging on to the site using the browser on my mobile device. After several attempts & over a period of an hour or so, i was able to log in.

1

Last night she enabled site-wide SSL. Not sure if that would affect your API.

0

That might be it, although not entirely sure why it would fail. I did notice some warnings about https.

your API.

Dani's API.

Edited by pritaeas

0

We did just switch to sitewide-https. However, you shouldn't be having login issues.

Prit, try switching all of the API endpoints to https. Did that do the trick??

More concerned right now with JorgeM who's saying he's unable to log into the site.

0

Prit, try switching all of the API endpoints to https. Did that do the trick??

Not tested yet, but that was my first thought to test too. Not high priority just now. Probably weekend before I can test.

0

More concerned right now with JorgeM who's saying he's unable to log into the site.

it hasnt happened again to me.... could it have been that i typed my password in correctly about ten times.... I would have said ten years ago that it would not be possible. I still want to say no way, but i'm going to be convservative and say its possible.

0

Prit, try switching all of the API endpoints to https. Did that do the trick??

No. I get the following response back. Although I haven't changed anything to my id or secret.

stdClass Object ( 
    [error] => There was an error fetching an access token. The client_id and client_secret do not match. 
    [request_data] => stdClass Object ( 
        [code] => OMITTED 
        [redirect_uri] => http://dwapi.pritaeas.net/DwApiAuthorize.php 
        [client_id] => OMITTED 
        [client_secret] => OMITTED 
        [grant_type] => authorization_code ) )
0

Just by looking at that page... that must be it.

c40d17e96efb0092bbc4323c33834d50

Then I had to update my client API's target URL to HTTPS too (of course). Working again.

Edited by pritaeas

0

Looks like I must have screwed up making the encryption backwards-compatible when we upgraded our algorithm. Shoot!!!!!

Edited by Dani: Debugging infractions

0

yep just checked my api apps stopped working too. oh well, i'm gonna let them die a dignified death. no worries.

0

Darn me. Darn me. Darn me. I was trying to make the client secrets more secure in the database and I somehow snafu'ed them and they're one-way encrypted.

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.