Unauthorized 'Invalid token' response when trying to call Authorization API

1fimbulvinter · November 17, 2018, 5:20pm

I’m trying to use Authorization extension in such way:

 var options = {
       method: 'POST',
       url: 'https://{MY_DOMAIN}/oauth/token',
       headers: { 'content-type': 'application/json' },
       body: {
         client_id: {CLIENT_ID},
         client_secret: {CLIENT_SECRET},
         audience: {MY_MACHINE_TO_MACHINE_APP}",
         grant_type: "client_credentials",
         scope: 'read:roles read:current_user',
       },
       json: true
     }; 

  request(options, function (error, response, body) {
       if (error) throw new Error(error);
       var options = {
         method: 'GET',
         url: 'https://{AUTHORIZATION_URL_FROM_EXPLORER}/api/roles',
         headers: {
           authorization: `Bearer ${body.access_token}`
         }
       };
       request(options, function (error, response, body) {
         if (error) throw new Error(error);
       });

First request returns correct access token. But second request always return Unauthorized 401 response with following content

 {
   "statusCode":401,"
    "error":"Unauthorized",
    "message":"Invalid token",
    "attributes":{"error":"Invalid token"}
 }

What can be the reason of this behaviour?

kimcodes · November 20, 2018, 7:17pm

the code you shared looks to be setup correct. The POST call to get the token looks to be setup correctly and you have the read:roles scope enabled. What version of the authorization extension do you have setup?

1fimbulvinter · November 21, 2018, 8:08pm

As I understand, I use v2 Authorization extension.

kimcodes · November 22, 2018, 7:51pm

thanks for letting me know! and you’re using YOUR_TENANT.us.webtask.io for the AUTHORIZATION_URL_FROM_EXPLORER} value? I am going to take a look with my team if there are currently any issues with the v2 authorization extension, because your request looks correct to me.

1fimbulvinter · November 22, 2018, 10:44pm

I find the issue. Sorry, it was my fault. I uncorrectly followed tutorial and not enabled API access to authorization extension. Then I created custom authorization extension API and used credentials from him. Now I enabled API access and with auto-generated API credentials this request return normal responce.

kimcodes · November 22, 2018, 10:51pm

Oh perfect! Glad you were able to figure out the issue!

system · January 7, 2019, 5:00pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Unauthorized error when calling /oauth/token from rule to get access token Help	5	6935	January 29, 2020
Invalid token when accessing Authorization Extension API Help authorization-extens	19	6486	March 2, 2018
Another Unauthorized New User Help unauthorized	9	3577	December 8, 2020
Mysterious /oauth/token errors of "invalid grant" and "Invalid authorization code". Help token-endpoint	3	14627	March 2, 2018
Invalid Token with Authorization API Help authorization-extens , invalid_token	5	5263	March 2, 2018

Unauthorized 'Invalid token' response when trying to call Authorization API

Related Topics