question

thedangler avatar image
thedangler asked thedangler commented

Auth2.0 flow from Clover Dashboard

I'm trying to implement the Autho2.0 flow but running into some inconsistencies.
If the user is already logged into clover and installs the app they are taken to the redirect_uri set in the REST settings. It passes along app_id,client_id and code which I should be able to use to get an access token by sending a post request to

https://apisandbox.dev.clover.com/oauth/v2/token

with my app secret,client_id,code,merchant_id. However I always get an error

Failed to validate authentication code.

, which makes no sense because clover generated the code and sent it to my uri because they are already authorized by clover.

How do I get an access_token when the user is already logged into clover and clicks on my app from the dashboard without having to send them back to the /oauth2/v2/authorize endpoint.

I have a work around but its not pretty.

REST APIOAuthAPI Token
10 |2000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

1 Answer

·
bryanvargas avatar image
bryanvargas answered thedangler commented

There should be a new authorization code every time they hit that endpoint. Make sure you are using the recent one.

3 comments
10 |2000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

thedangler avatar image thedangler commented ·

Hey. The code that comes from clover when the user is logged in is new everytime.
I use that code to make a post request to 

                     
    
                      
  1. https://apisandbox.dev.clover.com/oauth/v2/token
    2.

But like I mentioned I always get the code is not valid. If I send the user back to the authorize end point and they come back with a code the /oauth/v2/token end point works.

It never works for me when the user comes from Clover Dashboard.


0 Likes 0 ·
parquet76 avatar image parquet76 thedangler commented ·

I haven't played with the new flows, but, per the docs it sounds like calling authorize is what you are supposed to do - https://docs.clover.com/docs/merchant-dashboard-left-navigation-oauth-flow.

0 Likes 0 ·
thedangler avatar image thedangler parquet76 commented ·
But why would I need to call authorize again if they are already logged into clover.

The code sent from clover should work to gerenrate an access_token.
It doesn't then I have to send them back to clover to "sign in" again to get a code.


0 Likes 0 ·

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Welcome to the
Clover Developer Community