Did something change to the API OAuth flow?

When I try to log in with my app (dwapi.pritaeas.net), and click "continue" on the authorize page, I get to the Oops page. Haven't used it in a while, but am not aware of any changes I have missed.

I was having trouble just logging on to the site using the browser on my mobile device. After several attempts & over a period of an hour or so, I was able to log in.

Unrelated I think, I still get the Oops page.

Last night she enabled site-wide SSL. Not sure if that would affect your API.

That might be it, although not entirely sure why it would fail. I did notice some warnings about https.

your API.

Dani's API.

We did just switch to sitewide-https. However, you shouldn't be having login issues.

Prit, try switching all of the API endpoints to https. Did that do the trick??

More concerned right now with JorgeM who's saying he's unable to log into the site.

Prit, try switching all of the API endpoints to https. Did that do the trick??

Not tested yet, but that was my first thought to test too. Not high priority just now. Probably weekend before I can test.

More concerned right now with JorgeM who's saying he's unable to log into the site.

It hasn't happened again to me.... could it have been that I typed my password incorrectly about ten times.... I would have said ten years ago that it would not be possible. I still want to say no way, but I'm going to be conservative and say it's possible.

Can you reproduce it, Jorge?

No, not since then, sorry.. I've tried..

Prit, try switching all of the API endpoints to https. Did that do the trick??

No. I get the following response back. Although I haven't changed anything to my id or secret.

stdClass Object ( 
    [error] => There was an error fetching an access token. The client_id and client_secret do not match. 
    [request_data] => stdClass Object ( 
        [code] => OMITTED 
        [redirect_uri] => http://dwapi.pritaeas.net/DwApiAuthorize.php 
        [client_id] => OMITTED 
        [client_secret] => OMITTED 
        [grant_type] => authorization_code ) )

Just by looking at that page... that must be it.

Then I had to update my client API's target URL to HTTPS too (of course). Working again.

Looks like I must have screwed up making the encryption backwards-compatible when we upgraded our algorithm. Shoot!!!!!

Oops!! Posted that from my test account accidentally.

Yep, just checked, my API apps stopped working too. Oh well, I'm gonna let them die a dignified death. No worries.

Just the https fix and perhaps a new client id and secret, and you're done.

Darn me. Darn me. Darn me. I was trying to make the client secrets more secure in the database and I somehow snafu'ed them and they're one-way encrypted.