Getting a 401 while trying to access the api v2 identity endpoint

DreadEmperorBenevole · July 6, 2022, 4:14am

"{\"errors\":[{\"code\":1,\"code_name\":\"Unauthorized\",\"detail\":\"The server could not verify that you are authorized to access the URL requested. You either supplied the wrong credentials (e.g. a bad password), or your browser doesn't understand how to supply the credentials required.\",\"id\":\"521196e8-f0d7-5897-b995-f91597907628\",\"status\":\"401\",\"title\":\"Unauthorized\"}]}"

I’m receiving the above messages while trying to pass the access token via header to the /api/oauth2/v2/identity endpoint.

URL: https://www.patreon.com/api/oauth2/v2/identity
Method: GET
Headers: [“Authorization: Bearer #{token}”]

The language is Elixir, I can post some code if needed. I’ve made it through the OAuth2 workflow and can get an access token. Passing this access token or my creator access token doesn’t seem to work.

Any help is appreciated!

Code:

codebard · July 6, 2022, 6:17pm

Unauthorized does not only result from incorrect tokens. It can also result from your call trying to access a resource that the token does not have a scope for. Ie email etc. You must ask permission for that resource from the user during the authorization process before token is created.

If this is your creator token, that’s different.

DreadEmperorBenevole · July 6, 2022, 7:10pm

I’m not specifying any scopes in the call, is the scope required to successfully run the call?

codebard · July 8, 2022, 10:16pm

You dont have to specify the scopes in the call, but you have to specify the includes and fields you want. And those includes and fields may require scopes asked when creating the token. (Again, this is not applicable if this is the creator access token).

Check out how the WordPress plugin does it:

github.com

Patreon/patreon-wordpress/blob/8e984d57d815038d6400bdec26786b37a9cd7fce/classes/patreon_api_v2.php#L22


      
          	public $access_token;

          

          	public function __construct( $access_token ) {

          		$this->access_token = $access_token;

          	}

          	

          	public function fetch_user() {

          

          		// We construct the old return from the new returns by combining /me and pledge details

          

          		$api_return = $this->__get_json( "identity?include=memberships.currently_entitled_tiers,memberships.campaign&fields[user]=email,first_name,full_name,image_url,last_name,thumb_url,url,vanity,is_email_verified&fields[member]=currently_entitled_amount_cents,lifetime_support_cents,campaign_lifetime_support_cents,last_charge_status,patron_status,last_charge_date,pledge_relationship_start,pledge_cadence" );
          

          		$creator_id = get_option( 'patreon-creator-id', false );

          		$campaign_id = get_option( 'patreon-campaign-id', false );

          

          		

          		if ( isset( $api_return['included'][0] ) AND is_array( $api_return['included'][0] ) ) {

          			

          			// Iterate through included memberships and find the one that matches the campaign.

          

          			foreach ($api_return['included'] as $key => $value) {

And this is how it asks the scopes while authorizing:

github.com

Patreon/patreon-wordpress/blob/8e984d57d815038d6400bdec26786b37a9cd7fce/classes/patreon_frontend.php#L870


      
          			// We dont want to redirect people to login page. So check if we are there.
          			if ( $GLOBALS['pagenow'] === 'wp-login.php' ) {
          				$final_redirect = site_url();
          			}			
          			
          			$state['final_redirect_uri'] = $final_redirect;			
          			
          		}
          		
          		$redirect_uri           = site_url() . '/patreon-authorization/';
          		$v2_params = '&scope=' . 'identity+' . urlencode( 'identity[email]' );
          		
          		$href                  = 'https://www.patreon.com/oauth2/authorize?response_type=code&client_id=' 
          		. $client_id . $v2_params 
          		. '&redirect_uri=' . urlencode($redirect_uri) 
          		. '&state=' . urlencode( base64_encode( json_encode( $state ) ) );
          		
          		$href                  = apply_filters( 'ptrn/login_link', $href );
          		$filterable_utm_params = 'utm_term=&utm_content=login_button';
          		$filterable_utm_params = apply_filters( 'ptrn/utm_params_for_login_link', $filterable_utm_params );

Topic		Replies	Views
401 Unauthorized Error from OAUTH2 Endpoint Friendly Help	5	167	March 5, 2024
401 Unauthorized no matter what I do Friendly Help	2	473	August 29, 2022
Getting 401 error for v2 identity request with all tokens except for mine Friendly Help	7	757	March 1, 2019
401 Unauthorized Error on Identity GET Friendly Help	3	720	January 19, 2020
Intermittent 401 errors while testing my app Friendly Help	1	332	August 23, 2022

Getting a 401 while trying to access the api v2 identity endpoint

Related Topics