question

iamaadim5 avatar image
iamaadim5 asked Satish answered

Expiring OAuth returning Unauthorized status with message: Failed to validate auth code.

I am trying to get new access_token, refresh_token in OAuth2.0 and keep getting.

data: {
                 
      status: 'Unauthorized',
      message: 'Failed to validate authentication code.'
    }


I am doing this.


const oauth_request_headers = {
    Authorization: "Client " + client_secret,
    Accept: "application/json",
    "Content-Type": "application/json",
  };

const baseUrl = "https://apisandbox.dev.clover.com";
const option = {
                        
    method: "POST",      
    url: `${
                  baseUrl}/oauth/v2/token`,      
    headers: oauth_request_headers, ## Same result with or without header as well.       
    data: JSON.stringify({
                          ## Same result whether or not I stringify or not.
             client_id: client_id,        
             client_secret: client_secret,        
             code: code,      
          }),    
    };
const cloverResponse = await axios.request(option);


Is it something that I am doing wrong?? I am using sandbox environment.

REST APISandboxOAuthAPI Tokenaccess token
10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

vikramgaru avatar image
vikramgaru answered

This might be because you don't have the alternate launch path setup correctly. I will suggest setting up the alternate launch path as described in our docs and then trying again.

Alternate Launch Path.png


10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

leandremmartineau avatar image
leandremmartineau answered leandremmartineau edited

I had the same problem.

For me, I used /oauth/token instead of /oauth/v2/token and I finally got a successful response.

Yet, I am not 100% sure this is the way to go as /oauth/token is the url mentioned in the Europe/Latin America docs at the time of writing. But the Canada/US one, really mention using /oauth/v2/token, which was the one I was expected of using, as my merchant is in Canada. Maybe the documentation is simply wrong for Canada/US?


The obtained token worked for this endpoint :

GET https://scl-sandbox.dev.clover.com/pakms/apikey

But not any of the other ecommerce ones such as :

POST https://scl-sandbox.dev.clover.com/v1/customers

Still trying to figure out if it is related to the OAuth token itself or something else I missed, so you might give it a try.

---- EDIT

If it helps, I never got the oauth2 token to work for e-commerce endpoints.

I finally got it to work by sending an E-commerce API key as the Bearer token instead of going trough the OAuth, which works for my use-case.

I did not found it in the documentation tough, it is really written that going trough OAuth is the way to go for using E-commerce API.

The only documentation I found that mention E-commerce API keys is the one for the Magento (or Woocommerce) E-commerce plugin : https://docs.clover.com/docs/setting-up-an-api-token.

I used 'API' as the integration type and now, I can now make successful calls to the API with it.



10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

submatic avatar image
submatic answered

@vikramgaru setting the alternate launch path did not help for me. It seems like the left pane logged in oauth 2 workflow does not work. It works if the user is logged out of Clover and initiates the request from the third party app.

10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

submatic avatar image
submatic answered

Now it seems like there is a new error happening with the OAuth2 workflow (I'm using the sandbox only currently). When I inspect via the console I see a 500 internal server error on the following POST request https://sandbox.dev.clover.com/v2/merchant/[[merchant_id]]/apps/install/[[client_id]]

Hopefully this is resolved soon. Thanks

10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Satish avatar image
Satish answered

@vikramgaru Adding alternate launch path URL seems to have fixed the problem (at least in sandbox for now). But isn't the alt launch path supposed to be optional ?

10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Welcome to the
Clover Developer Community