msargent asked wm1 answered

Problems with Migrating Access Tokens in Web Integration

I am attempting to follow the Legacy token migration flow ( https://docs.clover.com/docs/legacy-token-migration-flow ) but I am leaving out the PKCE portion. I am unable to complete the migration successfully and am now unable to get a new authorization_code after it appears the legacy access token has been invalidated.

For step 2, I used curl to POST to oauth/token/migrate_v2 as follows:

curl --request POST \
    --url 'https://apisandbox.dev.clover.com/oauth/token/migrate_v2' \
    --header 'accept: application/json' \
    --header 'authorization: Bearer [legacy_access_token]' \
    --header 'content-type: application/json' \
    --data '{"merchant_uuid": "[merchant_id]","app_uuid": "[app_id]","auth_token": "[legacy_access_token]"}'

After successfully receiving the authorization_code on the first attempt, I proceeded to step 4. I used curl to POST to /oauth/v2/token as follows:

curl --request POST \
    --url 'https://apisandbox.dev.clover.com/oauth/v2/token' \
    --header 'accept: application/json' \
    --header 'authorization: Bearer [legacy_access_token]' \
    --header 'content-type: application/json' \
    --data '{"client_id": "[app_id]","client_secret": "[app_secret]","code": "[authorization_code]"}'

However, my response was:

{"status":"Unauthorized","message":"Failed to validate authentication code."}

When I tried to repeat the curl POST to oauth/token/migrate_v2, each subsequent attempt would give me:

{"message":"Token is not valid or not available."}

So now I can no longer get an authorization code.

In the Legacy Token Migration flow docs ( https://docs.clover.com/docs/legacy-token-migration-flow ) it’s unclear what I need to use for the authorization: Bearer header, particularly for the /oauth/v2/token request. Based on the flow chart, it appears my legacy token was invalidated after making the oauth/token/migrate_v2 request and getting the authorization code.

Questions:

  1. How can I trigger the oauth/token/migrate_v2 request again after it appears I no longer have a valid legacy access token?

  2. Are changes needed to make both of my curl requests correct? And what should the authorization: Bearer portion look like for the /oauth/v2/token request?

Thanks for any help.


msargent commented:

Note this relates to sorting out expiring Access Tokens with a hybrid Android and Web app. Also see this reply and thread here: https://community.clover.com/questions/63793/expiring-access-tokens-for-hybrid-web-and-android.html?childToView=64561#answer-64561


1 Answer

wm1 answered

We gave up on migrating sdk/device tokens. There is no clear response from Clover whether these can actually be migrated. If they can be - then they get invalidated in the process, and the app has to re-auth to get a new device-token.

Instead we're pushing all (new and existing) merchants to OAuth2 flow and getting a couple refresh+access tokens for redundancy. I wrote a post on it two days ago, but it is still in "moderation", whatever that means.
