I'm trying to create a basic inventory management app for my business. It only needs to run on my machine so I'm running a Flask app on localhost. I've been trying to get the basic code for authorizing with the clover api to work, but i've had so many issues.
import flask
import requests
import config
import os
from OpenSSL import SSL
ASSETS_DIR = os.path.dirname(os.path.abspath(__file__))
CLIENT_ID = config.CLIENT_ID
CLIENT_SECRET = config.CLIENT_SECRET
ENV = "https://sandbox.dev.clover.com"
if not CLIENT_ID or not CLIENT_SECRET:
raise ValueError("Set your CLIENT_ID and CLIENT_SECRET in config.py.")
app = flask.Flask(__name__)
context = SSL.Context(SSL.SSLv23_METHOD)
context.use_privatekey_file('crt/key.pem')
context.use_certificate_file('crt/certificate.pem')
app.config['APPLICATION_ROOT'] = '/'
app.config['PREFERRED_URL_SCHEME'] = 'https'
@app.route("/", methods=["GET"])
def landing_page():
"""Depending on whether `code` parameter is present, redirects to
oauth_callback or to Clover merchant login."""
# A request from an authorized merchant includes a code in its query string.
code = flask.request.args.get("code")
# If the request doesn't include a code, redirect the merchant to Clover's
# authorize endpoint.
if not code:
return flask.redirect("%s/oauth/authorize?client_id=%s" % (ENV, CLIENT_ID))
# If the request does include a code, redirect to this app's oauth_callback
# in order to request an access_token.
else:
return flask.redirect("/oauth_callback?code=%s" % code)
@app.route("/oauth_callback", methods=["GET"])
def oauth_callback():
"""Uses `code` with CLIENT_ID and CLIENT_SECRET to request access_token."""
code = flask.request.args.get("code")
# The merchant shouldn't reach this endpoint without a code, but just in case:
if not code:
return flask.redirect("/")
# Use the code with your app ID and app secret to request an access_token.
request = "%s/oauth/token?client_id=%s&client_secret=%s&code=%s" % (ENV, CLIENT_ID, CLIENT_SECRET, code)
try:
response = requests.get(request)
response.raise_for_status()
access_token = response.json().get("access_token")
print("Access token: ", access_token)
if access_token:
return "Access token: " + access_token
else:
return "Could not retrieve access_token."
except requests.RequestException as e:
print("Request failed:", e)
except Exception as e:
print(e)
################################################################################
if __name__ == "__main__":
app.run(host='0.0.0.0', port=5000, debug=True, ssl_context=context)
127.0.0.1 - - [12/Feb/2024 19:09:57] code 400, message Bad request version ('**\x13\x01\x13\x02\x13\x03À+À/À,À0̨̩À\x13À\x14\x00\x9c\x00\x9d\x00/\x005\x01\x00\x01\x9f\x1a\x1a\x00\x00\x00')
127.0.0.1 - - [12/Feb/2024 19:09:57] "\x16\x03\x01\x02\x0c\x01\x00\x02\x08\x03\x039Kmñx\x00=;G¢Ë¬\x95\x9c>)\x91ZSqîÝ%µÈ\x86OÞ\x1f>× \x96Büo\x08H4¡6ÆÎÈ´ö¡fÐÔ\x8552È\x00uÚ$ߪàss·\x00 **\x13\x01\x13\x02\x13\x03À+À/À,À0̨̩À\x13À\x14\x00\x9c\x00\x9d\x00/\x005\x01\x00\x01\x9f\x1a\x1a\x00\x00\x00" 400 -
I generated a self-signed certificate to use HTTPS because I thought that would solve the problem, but I'm still getting errors code 400, bad request version, ssl_protocol_error on Chrome, etc.
I barely changed the below code from the clover site, just added the certificate and a couple debugging things. Anyone have idea what I can try or if there is an easier way to do this?
