Issue in configuring OAuth

Hi Team,

Could you guys clarify the recently released OAuth function will work for the below use case,

Outreach Authorization: - Outreach API Documentation

  1. Request an authorization code from an Outreach customer by redirecting them to the following URL:
https://api.outreach.io/oauth/authorize?client_id=<Application_Identifier>&redirect_uri=<Application_Redirect_URI>&response_type=code&scope=<Scope1+Scope2+Scope3>
  1. Once the Outreach customer has clicked Authorize they will be redirected back to your link’s redirect_uri with a code query parameter. That code is a short-lived authorization token, and you can exchange that code for an access token, which can then be used to make API requests on behalf of the customer. To receive an access token, make a POST request to the following URL with the following parameters:
curl https://api.outreach.io/oauth/token \
  -X POST \
  -d client_id=<Application_Identifier> \
  -d client_secret=<Application_Secret> \
  -d redirect_uri=<Application_Redirect_URI> \
  -d grant_type=authorization_code \
  -d code=<Authorization_Code>
  1. A successful response to this request will return a JSON payload including the access_token, a refresh_token and an expires_in timestamp. The access token can be used to make authenticated requests on behalf of the customer but will expire once the expires_in attribute has passed. (Tokens are also revoked when the customer revokes their authorization grant.) Once the access token has expired, you can retrieve a new one by using the refresh_token grant type and by passing the refresh token to the code parameter:
curl https://api.outreach.io/oauth/token \
  -X POST \
  -d client_id=<Application_Identifier> \
  -d client_secret=<Application_Secret> \
  -d redirect_uri=<Application_Redirect_URI> \
  -d grant_type=refresh_token \
  -d refresh_token=<Refresh_Token>

Note:

  • Each user/application pair can generate a maximum of 100 access refresh tokens at any given time.
  • Access tokens remain active for 2 hours
  • Refresh tokens remain active for 14 days. To automate the API authentication, use the refresh tokens to sustain the session at runtime.

I tried it and getting the error message as,

{
status: 400,
headers: {
‘content-type’: ‘application/json’,
‘content-length’: ‘150’,
connection: ‘close’,
date: ‘Mon, 28 Jun 2021 07:38:33 GMT’
},
response: ‘{“error”:“Unsupported authorization header.”,“description”:“The Authorization header must have the format ‘Bearer access_token’ with a single space.”}’,
attempts: 1,
errorSource: ‘APP’
}

2 Likes

@Klintan_KJ Could you please share your oauth_config.json content here?

Note: Hide sensitive data.

@Klintan_KJ This might help - Google OAuth - Access token cannot be refreshed - App Development - Freshworks Developer Community

@arshath.h

{
“client_id”: “XXXXX-XXXXXXXXXXXXXXX”,
“client_secret”: “XXXXX_XXXXXX-XXXXX”,
“authorize_url”: “https://api.outreach.io/oauth/authorize”,
“token_url”: “https://api.outreach.io/oauth/token”,
“token_type”: “account”,
“options”: {
“redirect_uri”: “https://www.freshworks.com/oauth/outreach”,
“scope”: "audits.all audits.read accounts.all accounts.read accounts.write "
}
}

1 Like

This is different. We need to check for the above use case.

1 Like

@Klintan_KJ May I know why the redirect_uri is different than what is suggested on documentation?

@Klintan_KJ Based on the error, I think the Auth header is not properly set up. Did you setup your auth header as following { Authorization: "Bearer <%= access_token %>"}

Facing same issue, “redirect_uri”: “https://oauth.freshdev.io/auth/callback” ~ “http://localhost:10001/auth/callback

var reqData = {
headers: { Authorization: “Bearer <%= access_token %>” },
isOAuth: true
};

1 Like