How can we handle Callback URL redirection in FD serverless app?

Hi Rohan,

Do you happen to see any errors when you try to run the app locally? After 1 hr?

Also, I’d direct message you to collect your App ID, Account ID and the time when you saw this issue to find out what error is being seen.

Hi Saif,

Errors we are getting from the SMS API after around 1 hour are that the token has expired. It gets renewed when we click on reauthorize whereas it should happen automatically.

LOGS are below:

2020-05-27T09:10:25.883Z {"appDetails":"1_27397_69416_1364044","categoryName":"productEvent_onTicketUpdate","logSource":"APP","RequestId":"productID::1|accountID::1364044|model::ticket|action::update|id:81013064295|messageID::9df3ccd6-cb15-4e5e-9f65-fe134a611871","type":"info","message":"Hello 5"}
2020-05-27T09:10:25.883Z {"appDetails":"1_27397_69416_1364044","categoryName":"productEvent_onTicketUpdate","logSource":"APP","RequestId":"productID::1|accountID::1364044|model::ticket|action::update|id:81013064295|messageID::9df3ccd6-cb15-4e5e-9f65-fe134a611871","type":"info","message":"true"}
2020-05-27T09:10:25.883Z {"appDetails":"1_27397_69416_1364044","categoryName":"productEvent_onTicketUpdate","logSource":"APP","RequestId":"productID::1|accountID::1364044|model::ticket|action::update|id:81013064295|messageID::9df3ccd6-cb15-4e5e-9f65-fe134a611871","type":"info","message":"destinationMobileNumber95null"}
2020-05-27T09:10:27.004Z {"appDetails":"1_27397_69416_1364044","categoryName":"productEvent_onTicketUpdate","logSource":"APP","RequestId":"productID::1|accountID::1364044|model::ticket|action::update|id:81013064295|messageID::9df3ccd6-cb15-4e5e-9f65-fe134a611871","type":"error","message":"error { status: 500,\n  headers:\n   { date: 'Wed, 27 May 2020 09:10:26 GMT',\n     'content-type': 'application/json',\n     'content-length': '449',\n     connection: 'close',\n     'www-authenticate':\n      'Bearer realm=\"null\",error=\"invalid_token\",error_description=\"keymanagement.service.access_token_expired: Access Token expired\"' },\n  response:\n   { transactionId: '',\n     timeStamp: '2020-05-27T15:40:26+06:30',\n     id: { type: 'MSISDN', value: '' },\n     code: '500.032.006',\n     error: 'Internal Server Error',\n     message:\n      '**Invalid ApiKey/AccessToken for given resource or Token expired**' },\n  attempts: 1,\n  errorSource: 'APP' }"}

contd…

Now that the official standard response structure is followed in the response JSON, the status code that the 3rd party issues is still 500 instead of 401.

When the platform recognises the status code to be 401, it typically tries to refresh the access token.

Hi Saif/Team,

We had got the third party to provide an endpoint which returns 401 on token expiry. From the logs it appears that FD platform is sending request to refresh the token as well. However, now we are getting the below error from third party. Could you please suggest regarding this urgently?
It appears that there is a problem with grant type?

FDK 3416: (coverage-util.js) Writing coverage.
FDK 3416: (proxy.js) Proxy came back with error as null, body as {"transactionId":"","timeStamp":"2020-06-09T12:56:04+06:30","id":{"type":"MSISDN","value":""},"code"
FDK 3416: (proxy.js) Looking for "application/json" in application/json,application/xml,text/html,text/xml,application/jsonp,text/plain,application/javascript,application/vnd.api+json
FDK 3416: (oauth.js) Refreshing oauth tokens
FDK 3416: (data-util.js) Read {"smsapp_101_101_oauth_iparams":{},"smsapp_101_101_oauth_appstate":"fa8f5148-e83b-48c2-978b-b73af9035250","smsapp_101_101_oauth":{"access_token":"94kKvoZGsj8TF3G7GIxENGFYQP1H1","refresh_token":"JhJGmgft3wesOoT7zRvqWvGdE3pulETA"}}
authorizationURL https://prod-apigw.mytelenor.com.mm/oauth/v2/userAuthorize
FDK 3416: (data-util.js) Read {"smsapp_101_101_oauth_iparams":{},"smsapp_101_101_oauth_appstate":"fa8f5148-e83b-48c2-978b-b73af9035250","smsapp_101_101_oauth":{"access_token":"94kKvoZGsj8TF3G7GIxENGFYQP1H1","refresh_token":"JhJGmgft3wesOoT7zRvqWvGdE3pulETA"}}
FDK 3416: (oauth.js) Refreshed OAuth.
error { status: 400,
headers: {},
response:
'\n {\n "code": "401.000.2001",\n "error": "Unauthorized",\n "message": "Error :Unsupported grant type : refresh_token"\n }\n ' }
FDK 3416: (coverage-util.js) Writing coverage.

Hi Saif/Team,

In continuation to the above question, we also checked with third party and they communicated that they have a specific endpoint for refresh token. Does this need to be included in the OAuth config files as well? Could you please share a sample for this?

Refresh token endpoint should be https://prod-apigw.mytelenor.com.mm/oauth/v2/refreshToken. Sample as below.

curl -X POST \
https://prod-apigw.mytelenor.com.mm/oauth/v2/refreshToken \
-H 'content-type: application/x-www-form-urlencoded' \
-d 'grant_type=refresh_token&client_id={consumer key}&client_secret={consumer secret}&refresh_token={refresh_token}'

  1. Regarding this part,

Last time we went on call, these types of codes were mapped to certain descriptions. Is it possible for you to check what this code from mytelenor.com corresponds to? It will tell us what the mytelenor.com endpoint is expecting on top of what is being called out as Error: Unsupported grant type: refresh_token

  2. May I know to what property in oauth_config.json, the token_url is mapped to?

Hi Saif,

From what we can deduce through the logs shared above, now FD platform is receiving the 401 status code and attempting to refresh the token by sending a request with grant type: refresh_token and other parameters. However, it is unable to get the token. As per third party they have a separate URL for refresh like below: https://prod-apigw.mytelenor.com.mm/oauth/v2/refreshToken

Please note, this is currently not configured in oauth_config which looks like this:
{
  "client_id": "XXX",
  "client_secret": "YYY",
  "authorize_url": "https://prod-apigw.mytelenor.com.mm/oauth/v2/userAuthorize",
  "token_url": "https://prod-apigw.mytelenor.com.mm/oauth/v2/token",
  "options": {
    "scope": "read"
  },
  "token_type": "account"
}

Could you please suggest how a separate refresh token URL can be configured in this file? What is FD platform attempting to do currently? Is it trying to use token URL only for refresh?

As per the clarification given above, how could we resolve this token refresh issue? Please suggest. You can refer to the logs given in the previous posts.

Hi Saif/Team,

Could you please confirm today regarding the queries mentioned in the above 2 posts? Thanks.

Hi @rohan15,

Unfortunately, it is not possible to add another URL in the oauth_config.json.

OAuth2 on our platform works uniformly with the RFC standards. Unfortunately, we won’t be able to change it. For an app trying to use OAuth2.0 platform feature, currently there isn’t any workaround that we can suggest.

I highly appreciate all the efforts you’ve put in, please let me know if there’s anything else I can help with.

Hi Saif/Team,

So could you please explain what FD is expecting currently? Where is the platform sending the request for token refresh?

If third party is required to make changes, please suggest what we should tell them and what FD is expecting.

Source: RFC 6749, Page 10

Here the Authorization Server is the 3rd party. The Client is the platform on behalf of your app. To reduce the burden on the developer, the platform is supposed to handle A to H.

With the initial changes that have been suggested, you were able to reach (B).

The platform looks out for the same token_url for refresh_token when the access_token expires, as the 3rd party maintains yet another endpoint altogether for issuing the refresh token. The Freshdesk app client expects token refresh to happen with the same endpoint.
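
Added example, not part of the thread and not Freshworks platform code: a JavaScript sketch of the two behaviours discussed above, a client that refreshes only on HTTP 401 (so the earlier status 500 carrying `invalid_token` in `WWW-Authenticate` triggers nothing) and an RFC 6749 section 6 refresh request, which goes to `token_url`. Function names are hypothetical; the sample response and config are constructed from the log and `oauth_config.json` posted in the thread.

```javascript
// Added example; not Freshworks platform code. All function names are hypothetical.

// Constructed from the error log and oauth_config.json posted in this thread.
const SAMPLE_500 = {
  status: 500,
  headers: { 'www-authenticate': 'Bearer realm="null",error="invalid_token",' +
    'error_description="keymanagement.service.access_token_expired: Access Token expired"' },
};
const CONFIG = {
  client_id: 'XXX',
  client_secret: 'YYY',
  token_url: 'https://prod-apigw.mytelenor.com.mm/oauth/v2/token',
};

// Parse the auth-params of a Bearer challenge (RFC 6750, section 3).
function parseBearerChallenge(header) {
  if (typeof header !== 'string' || !/^Bearer\s/i.test(header)) return null;
  const params = {};
  const re = /([a-z_]+)="((?:[^"\\]|\\.)*)"/gi;
  let m;
  while ((m = re.exec(header)) !== null) params[m[1].toLowerCase()] = m[2];
  return params;
}

// Assumption: the client refreshes only when the HTTP status is 401.
// An expired token reported under another status is flagged but not refreshed.
function classifyAuthFailure(res) {
  const challenge = parseBearerChallenge(res.headers['www-authenticate']);
  const expired = challenge !== null && challenge.error === 'invalid_token';
  if (res.status === 401) return { refresh: true, reason: 'status 401' };
  if (expired) return { refresh: false, reason: `invalid_token behind status ${res.status}` };
  return { refresh: false, reason: 'not a token failure' };
}

// Refresh request per RFC 6749, section 6: it goes to the token endpoint.
// Client credentials are sent in the body, as in the curl sample in the thread.
function buildRefreshRequest(config, refreshToken) {
  const body = new URLSearchParams({
    grant_type: 'refresh_token',
    refresh_token: refreshToken,
    client_id: config.client_id,
    client_secret: config.client_secret,
  });
  return {
    method: 'POST',
    url: config.token_url,
    headers: { 'content-type': 'application/x-www-form-urlencoded' },
    body: body.toString(),
  };
}
```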

Hi Saif/Team,

Ok, we will discuss internally with the team regarding this.

Meanwhile, could you answer the below point:
We have deployed a new serverless app in an FD production account. This one does not have the oauth authentication feature.
Was trying to find the logs for troubleshooting and we checked the link provided earlier and found the below line:

<<Once the custom app is installed, select the Settings icon and then choose the Serverless Logs tab to view the logs.>>

Could you please tell us where exactly this settings tags will be located on FD production account?
We checked the custom apps section but only the name of the app is displayed and no option for checking settings or logs.

Were you able to refer to this Wiki Article? - How to obtain serverless logs? - How To's - Freshworks Developer Community

Let me know if that helped. I’d recommend you to create a separate topic as this sounds different to the original post on this thread.

Ok Saif, we will create a separate topic for the logs troubleshooting.

Please help with the below:
We were able to get SMS app working via an alternate approach. Now SMS is being sent on ticket creation and ticket closure events occurring on FD production portal/account.

However, today, we noticed that when ticket is being created from CIM application, SMS is not being sent. The reason is that the mobile number being used to send the SMS (from SMSAPP) is under a Contact field, and this field is not available in the create ticket API request which CIM uses to create tickets.

So, could you please check with FD team if any 1 of the below solutions can be implemented to resolve this:

  1. Add MSISDN(in B2C)/Telenor MSISDN(in B2B) in the payloads of onTicketCreate and onTicketUpdate events in the “args” tags. In that case, we can use this MSISDN value to send the SMS from the app.

  2. Add Contact Phone Number as a field in the Create API used by CIM. In this case, CIM can pass the msisdn in the contact phone number field during ticket creation.

https://telenormm.freshdesk.com/api/v2/tickets

https://telenormm.freshdesk.com/api/v2/ticket_fields

Hello @rohan15, I am finding some help internally.

Meanwhile, can you clarify what CIM and MSISDN are, maybe in a simple way, to understand the use case better?

I am trying to reach internal FD teams to get the relevant accurate answer.

Hi @rohan15,

Since this part of app development involves Product APIs, can you please help me by creating a new topic in the Product APIs category, so that I can follow up on the same?