question

ritiksp avatar image
ritiksp asked

Getting error exchanging authorization code for tokens using pkce oauth v2 flow for low trust app

Send get request to clover server to initiate the oauth process at - https://apisandbox.dev.clover.com/oauth/v2/authorize?client_id=xyz&redirect_uri=https%3A%2F%2F0db4-2401-4900-1c82-cf03-e5e9-6bc-1215-81ec.ngrok-free.app%2Fcallback&code_challenge=3gYkvilD0WKjzqFc-h8nFA0MxydJyMlia_C_bIi62RE

Clover server request a call back to dev app at along with merchant id and employeeId and important auth code-
https://0db4-2401-4900-1c82-cf03-e5e9-6bc-1215-81ec.ngrok-free.app/callback?merchant_id=HPFKPWVDGMQA1&employee_id=TXXC0PYASERGJ&client_id=xyz&code=5e69845c27544a84a4a86a3eb9e2cd35

Not sure what is happening at clovers end when i try to call

https://apisandbox.dev.clover.com/oauth/v2/token
i cross checked code is exactly same as code that i'm receiving from clover server and code_verifier

{ "client_id": "xyz", "code": "4c22e2e2018047f192759d4b2c96aad9", "code_verifier": "nfiHH0JivX46vKEojTpnuu9AARTDE3r-OfcuEHCMOig" }

In response to above call, I'm getting this - 

Error exchanging authorization code for tokens: {
  status: 'Unauthorized',
  message: 'Failed to validate authentication code.'
}



Please correct your documentation for low trust apps for request to your token endpoint which says
include the query parameters: client_id, client_secret/code_verifier, and auth_code
in high/low trust apps actually these data, accepted via request body. https://docs.clover.com/dev/docs/oauth-flow-for-low-trust-apps-pkce

OAuth
10 |2000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

0 Answers

·

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Welcome to the
Clover Developer Community