question

aminyazdani avatar image
aminyazdani asked ·

OAuth Flow: state variable not passed back with token the first time, but it works the second time.

We are implementing OAuth flow, and we have one issue. When we initiate the oauth flow, we pass a state variable to Clover. We expect that state variable to be there when we receive the token, but the first time a merchant approves the access, the state token is not passed to us.
It will work the second time though.

Any ideas what is the issue or how we can resolve this?
MerchantAPI TokenOAuth
2 comments
10 |2000 characters needed characters left characters exceeded

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Just to clarify, do you mean after the app is installed on the merchant's account for the first time?

1 Like 1 · ·
aminyazdani avatar image aminyazdani Frank Faustino ♦♦ ·

@Frank Faustino. Yes. That's exactly what I mean.

0 Likes 0 · ·

1 Answer

Frank Faustino avatar image
Frank Faustino answered ·

Make sure the app has been installed on your merchant's account first before attempting the OAuth flow. If the OAuth flow is interrupted by having to install the app on your merchant's account, the state field in the OAuth response is lost.

1 comment Share
10 |2000 characters needed characters left characters exceeded

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Could this be reopened and treated as a bug? This seems like a bug in Clover's implementation of the OAuth protocol. Here is the OAuth RFC reference: https://tools.ietf.org/html/rfc6749#page-25. Is there some technical reason why the user must go through 2 separate flows to install the app and then separately do OAuth instead of being able to do both together? All that is required is passing the state variable back to the caller as is customary.

0 Likes 0 · ·

Welcome to the
Clover Developer Community