Oauth2 Troubles

Greetings,

Hello, I have an Oauth2 application registered with your developer portal and seem to be running into issues with it. Here is the error I see:

{"errors":[{"code":1,"code_name":"Unauthorized","detail":"The server could not verify that you are authorized to access the URL requested. You either supplied the wrong credentials (e.g. a bad password), or your browser doesn't understand how to supply the credentials required.","id":"","status":"401","title":"Unauthorized"}]}

I am able to sign into my primary account (the one that created the Oauth2 application) but the error above occurs when I attempt to connect via my personal account (or another account attempts to sign in).

Any assistance here to track this down would be appreciated.

Thank you,
Michael

I reported this a week ago to your primary support and it took five days for them to reply and tell me I was in the wrong place. It would be great to get this situated and figured out. Thank you for any assistance.

My initial thought is to verify the client parameters are accurate (id, secret, tokens), whichever ones you use. If those parameters end up not being the cause of your authorization issues, I’m not sure what could be at fault here.

Thank you for the reply @REPLICVTE … everything works when I sign in with the account that created the Patreon OAuth2 application, so those settings all appear to be correct. It is when I sign in with my personal account (or one of my users signs in with their account) that the error(s) occur.

Over a week now of reporting this, it would be great to get some assistance here to get your application working on my site as intended. Thank you in advance.

I wanted to check in with this issue. Thank you for any assistance anyone can provide.

You should double check the scopes that you are asking for and the fields you are using in the calls. If you ask for any user’s email without having the identity.email scope, for example, you will end up with unauthorized errors.

Thank you for your reply @codebard. I am confused about why this would occur with one account but not another. Is there a way I can check with my Patreon Oauth2 application to see why an authentication did not successfully complete?

To be certain I am asking for the "campaigns" scope only. That is so that I can get the username of the user for their URL (if available).

Bumping for awareness. Thank you for any assistance anyone can provide.

Try creating 1-2 different Patreon accounts with different emails in order to test whether the authorization process at your app completes properly.

You can check the results at your db or wherever you are saving the tokens. You should have received valid tokens after completing through the oauth flow.

If the majority of the accounts complete auth properly and their tokens work, then there may be something up with how that singular account interacts with your app.

Thank you for your continued assistance @codebard. To be certain I have already done what you have suggested here and have tried with 3 accounts total, with only one – the one that owns the Oauth2 application – successfully authenticating without error. There have actually been four accounts that have tried in total but only the owning account (the one that works) and a personal one are under my control.

So no account other than your creator account is able to authorize through your application?

That is correct @codebard. :+1:

Then it is possible that you are not asking for the required scopes for the resources that are used for patrons’ calls. The creator token would allow you access to anything related to your campaign without having to ask for scopes. But the user-created tokens through oauth require the exact permissions.

To be certain @codebard this is for an Oauth connection and nothing more, using the campaign scope to get the username if assigned to the account. The scope is the same for both accounts connecting using the same process.

If you are trying to access the username of the account by using the user-generated token (not your creator access token), then you would have to have the identity scope on that token. Try seeing that such scopes are correct, and you are requesting the exact fields.

Thank you very much for your patience and assistance, @codebard. There is indeed an identity scope being applied that I was overriding:

I was setting "campaigns" only and was not passing in identity. In local testing this was working because apparently the creator of the application gets this regardless. I have verified this and am now unblocked with this issue.

I again appreciate your patience and assistance!

The creator access token always has all the permissions to your own campaign, so it's not a good token to use for development of user-facing functionality that would require a user’s access token. Great that you sorted it out.

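
The failure resolved in this thread (requesting only "campaigns" and then calling the identity resource with a user's token) can be caught before any user signs in. The following is an added example, not code from the thread or from Patreon; the endpoint-to-scope mapping, the placeholder client values, and the presence of a `scope` field in the token response are assumptions for illustration.

```python
from urllib.parse import urlencode, urlparse, parse_qs

AUTHORIZE_URL = "https://www.patreon.com/oauth2/authorize"

# Scope a user-generated token must carry for each call (assumed mapping,
# limited to the two scopes named in the thread).
REQUIRED_SCOPE = {
    "/api/oauth2/v2/identity": "identity",
    "/api/oauth2/v2/campaigns": "campaigns",
}

def build_authorize_url(client_id, redirect_uri, scopes, state):
    """Build the authorization request; scopes are sent space-separated."""
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": " ".join(scopes),
        "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}"

def requested_scopes(authorize_url):
    """Scopes actually present in an authorization URL (catches overrides)."""
    values = parse_qs(urlparse(authorize_url).query).get("scope", [""])
    return set(values[0].split())

def missing_scopes(endpoints, scopes):
    """Scopes the planned calls need that the grant does not include."""
    needed = {REQUIRED_SCOPE[e] for e in endpoints}
    return needed - set(scopes)

def preflight(token_response, endpoints):
    """Check a user's token response before calling the API with it."""
    granted = token_response.get("scope", "").split()
    gaps = missing_scopes(endpoints, granted)
    return {"ok": not gaps, "missing": sorted(gaps)}

# Constructed sample data: the app only wants the signed-in user's identity.
PLANNED_CALLS = ["/api/oauth2/v2/identity"]
REDIRECT = "https://example.test/callback"
BEFORE = build_authorize_url("CLIENT_ID_PLACEHOLDER", REDIRECT, ["campaigns"], "s1")
AFTER = build_authorize_url("CLIENT_ID_PLACEHOLDER", REDIRECT, ["identity", "campaigns"], "s1")

if __name__ == "__main__":
    print("before:", sorted(missing_scopes(PLANNED_CALLS, requested_scopes(BEFORE))))
    print("after: ", sorted(missing_scopes(PLANNED_CALLS, requested_scopes(AFTER))))
```

Run the check against a token obtained by a non-creator test account, since the creator's token succeeds regardless of the scopes requested.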