Need Assistance Passing OAuth-Generated Access Token in API Call

Claret_Ivin · April 17, 2024, 11:29am

We’ve hit a roadblock when attempting to pass an OAuth-generated access token. The token generation process itself has been successful. Now, the challenge lies in passing this token within an API call, specifically within the app.js file. Our API expects the token to be included in the request body, structured like this:

{
    "customerName": "Bob the client",
    "webhooks": [
        {
            "targetUrl": "https://mydomain/post-here/chatmessage",
            "authorizationToken": "<your_access_token_here>",
            "type": "SessionState"
        }
    ]
}

We’ve attempted to pass the token as authorizationToken: <%= access_token %>, but encountered an error:

{
    "status": 400,
    "headers": {},
    "response": "error while substituting templates.",
    "errors": {},
    "errorSource": "APP",
    "attempts": 1
}

Is there a method available to effectively pass the access token within app.js?

zach_jones_noel · April 17, 2024, 12:19pm

Hey @Claret_Ivin,
Is your API expecting custom authorization headers? CAn you share the cURL command for your API? And also your requests.json?

Claret_Ivin · April 17, 2024, 12:45pm

Hey Jones,

Our API expects the access_token to be passed inside the request’s body. Please have a look at the cURL shared. And I’ve also shared requests.json.

curl --location '[https://api.goto.com/goto-resolve/v1/sessions](https://api.goto.com/goto-resolve/v1/sessions)' \

--header 'Content-Type: application/json' \
--header 'Authorization: Bearer eyJraWQiOiI2MjAiLCJhbGciOiJSUzUxMiJ9.eyJzYyI6InN1cHBvcnQ6Iiwic3ViIjoiNzczNDYxNjEzODk0Njc0MzE5MCIsImF1ZCI6IjAwOTA4YjE3LTg2MDctNGVhZC05OTIzLWM5YTY5ZTI1ZTQ2OCIsIm9nbiI6InB3ZCIsInR5cCI6ImEiLCJleHAiOjE3MTMzNTA4ODAsImlhdCI6MTcxMzM0NzI4MCwianRpIjoiNGI0MzEwMWUtMTNjOS00ZmUzLTkxYTYtMmVlYWFiY2I2YjQyIn0.14Hqo2_CGeq3fpLy1UBJoyRsHfyjnvqlR57S40VpUR4lYOf88KWibmIn9ugK7TuRdWRYkPORZMPVKkQzMgreO8PGb3qgqFcWzlRP2rDiCdxSbNl7QGmayTxzeY3G7Aqx1ozAe4XKTMGzqA9wgktS-6xtLqenC-SFiQYnaLzEWfQ8t2MFW-lxbb8qRWZdMPsKDv6TMvWx1WjGfYk4SJNvhkv8URR2yMjeZvc9HQMAN1yBMAfx7yWsAsadhCAHNO1sGruQ2U_XxTkFSb_04hJ48yT31EPdGURFZMpx6jrluDiXKx00UcsyvccDE8Lb9AVmQOl48Z4DBrYFOpH4OmM3Tw' \
--data '{
"customerName": "Bob the client",
"webhooks": [
{
"targetUrl": "[https://mydomain/post-here/chatmessage](https://mydomain/post-here/chatmessage)",
"authorizationToken": "eyJraWQiOiI2MjAiLCJhbGciOiJSUzUxMiJ9.eyJzYyI6InN1cHBvcnQ6Iiwic3ViIjoiNzczNDYxNjEzODk0Njc0MzE5MCIsImF1ZCI6IjAwOTA4YjE3LTg2MDctNGVhZC05OTIzLWM5YTY5ZTI1ZTQ2OCIsIm9nbiI6InB3ZCIsInR5cCI6ImEiLCJleHAiOjE3MTMzNTA4ODAsImlhdCI6MTcxMzM0NzI4MCwianRpIjoiNGI0MzEwMWUtMTNjOS00ZmUzLTkxYTYtMmVlYWFiY2I2YjQyIn0.14Hqo2_CGeq3fpLy1UBJoyRsHfyjnvqlR57S40VpUR4lYOf88KWibmIn9ugK7TuRdWRYkPORZMPVKkQzMgreO8PGb3qgqFcWzlRP2rDiCdxSbNl7QGmayTxzeY3G7Aqx1ozAe4XKTMGzqA9wgktS-6xtLqenC-SFiQYnaLzEWfQ8t2MFW-lxbb8qRWZdMPsKDv6TMvWx1WjGfYk4SJNvhkv8URR2yMjeZvc9HQMAN1yBMAfx7yWsAsadhCAHNO1sGruQ2U_XxTkFSb_04hJ48yT31EPdGURFZMpx6jrluDiXKx00UcsyvccDE8Lb9AVmQOl48Z4DBrYFOpH4OmM3Tw",
"type": "SessionState"
}
]
}'

requests.json


{
"createSession": {
"schema": {
"method": "POST",
"host": "[api.goto.com](http://api.goto.com)",
"path": "/goto-resolve/v1/sessions",
"headers": {
"Authorization": "Bearer <%= access_token %>",
"Content-Type": "application/json"
}
},
"options": {
"isOAuth": true
}
}
}

zach_jones_noel · April 17, 2024, 12:50pm

Can you also share oauth_configs.json?

The OAuth access token would not be accessible on app.js AFAIK so constructing the body as per API would be a challenge.

The host would need the domain - api.goto.com.

Claret_Ivin · April 17, 2024, 1:10pm

oauth_configs.json

{
  "client_id": "<%= oauth_iparams.client_id %>",
  "client_secret": "<%= oauth_iparams.client_secret %>",
  "authorize_url": "https://authentication.logmeininc.com/oauth/authorize?response_type=code&client_id=<%= oauth_iparams.client_id %>&redirect_uri=https://oauth.freshdev.io/auth/callback&scope=support:",
  "token_url": "https://authentication.logmeininc.com/oauth/token",
  "token_type": "account",
  "options": {
    "customHeaders": {
      "Authorization": "Basic <%= encode(oauth_iparams.client_id +':'+ oauth_iparams.client_secret) %>"
    },

    "isOAuth": true
  },
  "oauth_iparams": {
    "client_id": {
      "display_name": "Client ID",
      "description": "Please enter your client ID",
      "type": "text",
      "required": true
    },
    "client_secret": {
      "display_name": "Client Secret",
      "description": "Please enter your client secret",
      "type": "text",
      "required": true
    }
  }
}

zach_jones_noel · April 24, 2024, 10:02am

Hey @Claret_Ivin,
DMing you for further resolution.

The oauth_configs.json seems to be good although -

This isOAuth parameter would be for request template to while invoking oauth based APIs and is not needed to be defined in oauth_configs.json.