Issue With OAuth2

Hi,

I’ve been trying to use the Patreon authentication mechanism and have been trying to get it to work for several days now.

I’ve gotten to step 4 but can’t seem to get any further.

When calling the API using cURL commands, to the URL mentioned (www.patreon.com/api/oauth2/token?) to retrieve a token I get 301 responses.

If I use the -L flag to follow the redirect I just get an HTML response.

If I make the same request to api.patreon.com/api/oauth2/token, then I get the following response:
{
  "errors": [
    {
      "code": null,
      "code_name": "AdminAccessDenied",
      "detail": "You do not have permission to use this admin tool.",
      "id": "9c33ec5c-ea63-4ca2-b1c3-9c5a25a118da",
      "status": "403",
      "title": "You do not have permission to use this admin tool."
    }
  ]
}

I’ve also tried to call this API using a POST request as the documentation specifies but I get a 403 instead.

Am I missing something?

Thanks!

The issue is most likely because you’re making requests over http instead of https: the API is instructing your client to retry the request over https (hence the redirect) but POST requests cannot be redirected with POST data; the data is being lost. The solution is to make your requests to https://www.patreon.com/api/oauth2/token.

Actually, it looks like when requests are made to the API over http, Patreon redirects to the root instead of the current path but over https.

$ curl -I http://www.patreon.com/api/oauth2/token
HTTP/1.1 301 Moved Permanently
Date: Thu, 01 Mar 2018 21:27:52 GMT
Content-Type: text/html
Connection: keep-alive
Location: https://www.patreon.com

[edit: actually, ignore all this, there’s no POST data involved. I’ve spent too much time working with other APIs and I’ve forgotten how OAuth works. Shame. The problem does appear to be that Patreon’s http → https redirect doesn’t redirect correctly]

As general programming advice: always communicate over https, never http — unless there is a specific situation that dictates you must communicate over http.

If this does not resolve your issue please share the command(s) that you’re using to query the API.

Ah, OK. That’s got me further!

curl -X POST -H "Content-Type: application/x-www-form-urlencoded" https://www.patreon.com/api/oauth2/token?code=code&grant_type=authorization_code&client_id=client_id&client_secret=secret&redirect_uri=http://127.0.0.1:3333/authenticated/patreon

However I now have a new issue. Here’s the error that I’m receiving from the above command:

{"error": "unsupported_grant_type"}

Thanks 🙂

I’ve tried this without the POST and I get a 405…

The endpoint must be called with POST; 405 means that the verb used is invalid.

{"error": "unsupported_grant_type"}

That’s because you’re using authorization_cdeo as a grant type; we currently only support code.

If anyone comes upon this trouble, it may simply be because you are formatting the data incorrectly to send for the POST. In my case I was doing it in JS fetch like this:

{
  headers: {
    'Content-Type': 'application/x-www-form-urlencoded',
  },
  method: 'POST',
  // Body is serialized as JSON even though the header declares form encoding
  body: JSON.stringify({
    code: req.query.code,
    grant_type: 'authorization_code',
    client_id: PATREON_CLIENT_ID,
    client_secret: PATREON_CLIENT_SECRET,
    redirect_uri: PATREON_REDIRECT_URL,
  }),
}

Instead of JSON.stringify I should have used “new URLSearchParams({...bodyContent})”, as we aren’t dealing with an API that accepts standard JSON.

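The body-encoding mistake from the last post, as an added example that is not part of the original thread and not Patreon's own code: it builds the token request with a form-encoded body and shows that a form parser finds no grant_type in the JSON-stringified body, which is consistent with the unsupported_grant_type error. The helper names buildTokenRequest and grantTypeSeenByFormParser are hypothetical, and the credential values are constructed placeholders.

```javascript
// Added example; placeholder values below are constructed, not real credentials.
const TOKEN_URL = 'https://www.patreon.com/api/oauth2/token'; // URL given in the thread

// Build the fetch() arguments for the code-for-token exchange (hypothetical helper).
function buildTokenRequest(tokenUrl, fields) {
  const url = new URL(tokenUrl);
  if (url.protocol !== 'https:') {
    // The thread shows http:// being 301-redirected to the site root.
    throw new Error('token endpoint must be https: ' + tokenUrl);
  }
  return {
    url: url.href,
    options: {
      method: 'POST', // the thread reports a 405 without POST
      redirect: 'error', // surface a 301 instead of following it to an HTML page
      headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
      // Form-encode the fields; the secret travels in the body, not the URL.
      body: new URLSearchParams(fields).toString(),
    },
  };
}

// How a form-urlencoded parser sees a body: the grant_type it finds, or null.
// Illustration only, not Patreon's server code.
function grantTypeSeenByFormParser(body) {
  return new URLSearchParams(body).get('grant_type');
}

const fields = {
  code: 'CONSTRUCTED_CODE',
  grant_type: 'authorization_code', // value used in the post above
  client_id: 'CONSTRUCTED_CLIENT_ID',
  client_secret: 'CONSTRUCTED_SECRET',
  redirect_uri: 'http://127.0.0.1:3333/authenticated/patreon',
};

const good = buildTokenRequest(TOKEN_URL, fields);
const jsonBody = JSON.stringify(fields); // the mistaken body from the post

console.log(good.options.body);
console.log('form body ->', grantTypeSeenByFormParser(good.options.body));
console.log('JSON body ->', grantTypeSeenByFormParser(jsonBody));
// To send: fetch(good.url, good.options).then((r) => r.json())
```
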