Forum

Hello,

I’m using Postman v8.6.2 (MacOS) and for the step where we send the GET request for our authentication code, Postman cannot render the login page due to not allowing Javascripts in its preview pane. This means that we cannot proceed with the rest of the tutorial. I’ve checked by just doing the auth process through a browser, and after logging in and accepting the permissions required, it returns the code needed correctly. This code doesn’t work if it’s transplanted to Postman however, so we cannot continue with the following steps, giving a 400 bad request response with:

{
“error”:”invalid_grant”,
“error_description”:”Exception of type ‘Eliot.Packages.Core.Abstractions.Exceptions.OAuthException’ was thrown.”
}

A quick search seems to indicate this is because the code was requested from a different app than the one requesting the token. I’d just like to verify if this is the case or if there’s some other issue I’m not aware of. And if not requesting the code through Postman is indeed the culprit, how do we solve it?

• This topic was modified 2 years, 10 months ago by Obotrons. Reason: Fixed accidental inclusion of HTML tags

Hello,

The /authorization request is used to ask users for their consent to access data of their products. It has to be done only once. Indeed, it’s not possible to do it via Postman as it require to be displayed on a webpage

With the code displayed in the URL, you can then do a /token request with all needed information from documentation in the Body

As I understand, in your case you do the /authorize request with 1 app, and then use the authorization_code to make a /token request to an other app ? If you do it, it will not work. Users have to give consent to the same app which will then request tokens and do other GET/POST methods

Have a good day,

Leslie – Community Manager

Understood. I’ll give it a whirl with a test app. Will follow-up if I run into more issues.

Thank you.

Situation update:

So after getting stuck with a bunch of other task, I was finally able to come back around to this. Got an Android test application going with a WebView to get past the code part. That works fine, and the code was snipped from the URL after some redirects.

Got stuck for the longest time on actually getting the token following the instructions at https://developer.legrand.com/tutorials/0auth2-end-point-url/. Finally made a break through after I tried adding a “redirect_uri” field for step 2. My response only received an access_token and an id_token tho, no refresh_token.

Has there been some changes that wasn’t reflected in the documentations/instructions/tutorial or am I doing something wrong here?

Hi Obotrons,

We didn’t proceed to any change in authentication process or in related documentation

On my side, I correctly retrieve the refresh_token value and its expiration time on the 2 last lines of the JSON :

Sorry, my bad. The refresh token is there, my console just decided to truncate off the lower part of the response. All solved.