question

dav1126 avatar image
dav1126 asked sanawaseem99 answered

First token request unauthorized in OAuth2

I can't make the requests to get a first token to work in the new oauth flow. The old flow is working fine for me.

The only differences that I can see in the doc is that the production URL changed from https://www.clover.com to https://api.clover.com. The route changed from /oauth/token to /oauth/v2/token and the the request is now a POST instead of a GET. The params (client_id, client_secret and code) are now passed in the POST request body instead of the GET search params. These are the only changes I made. The new oauth API always returns :

401 {"status":"Unauthorized","message":"Failed to validate authentication code."}

It happens in sandbox and production environment. If it helps, doing the exact same resquest ( a POST with params in the body) on the old API route ( /oauth/token ) succeeds and gets me an access_token, but no refresh_token.


Prod app id: XX4047T4M54AY

OAuthaccess token
10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

bryanvargas avatar image
bryanvargas answered

Are you getting a new authentication code(they can only be used once)

10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

dav1126 avatar image
dav1126 answered

Yes, I tried multiple times with different authentication codes (trying only once per code). The same authorization code will return a 401 on the new route (/oauth/v2/token) but will work on the old route (/oauth/token).

10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

bryanvargas avatar image
bryanvargas answered

There must be a step you are missing, I did the full Oauth V2 flow and was able to get an accessToken and refresh token.


For merchant who are not logged in
{ {baseUrl}}/oauth/v2/authorize?client_id={ {appId}}&redirect_uri={ {redirectUrl}}

returned in the URL will be a code and you will take that code and run:
POST { {baseUrl}}/oauth/v2/token
Payload:

{ "client_id" : " { {appId}} " , "client_secret" : " { {appSecret}} " , "code" : "code goes here" }




10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

sanawaseem99 avatar image
sanawaseem99 answered

what will be the redirect uri here ?


10 |2000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Welcome to the
Clover Developer Community