Unable to fully authenticate using oauth: Error code 400
Here is my code:
```python
from flask import Flask, abort, redirect, request
from boxsdk import Client
from boxsdk import OAuth2
import config_oauth
import requests
import logging

app = Flask(__name__)

# Create new OAuth client & csrf token
oauth = OAuth2(
    client_id=config_oauth.client_id,
    client_secret=config_oauth.client_secret
)
csrf_token = ''

# Create Box redirect URI with csrf token and redirect user
@app.route('/login')
def start():
    global csrf_token
    auth_url, csrf_token = oauth.get_authorization_url(config_oauth.redirect_uri)
    return redirect(auth_url)

# Fetch access token and make authenticated request
@app.route('/get')
def capture():
    # Capture auth code and csrf token via state
    code = request.args.get('code')
    state = request.args.get('state')
    # If csrf token matches, fetch tokens
    # (explicit check: assert statements are stripped when Python runs with -O)
    if not csrf_token or state != csrf_token:
        abort(400)
    access_token, refresh_token = oauth.authenticate(code)  # CODE BREAKS HERE
    client = Client(oauth)
    return "Done"
```
See comment where my code breaks. I keep getting an error code 400, not sure why. Here is the exact printout of the error message that I receive back:
```
BoxOAuthException:
Message: None
Status: 400
URL: https://api.box.com/oauth2/token
Method: POST
Headers: {'Content-Length': '83', 'Set-Cookie': 'box_visitor_id=5c700b6c75c633.73632444; expires=Sat, 22-Feb-2020 14:47:08 GMT; Max-Age=31536000; path=/; domain=.box.com; secure, bv=OPS-42881; expires=Fri, 01-Mar-2019 14:47:08 GMT; Max-Age=604800; path=/; domain=.app.box.com; secure, cn=11; expires=Sat, 22-Feb-2020 14:47:08 GMT; Max-Age=31536000; path=/; domain=.app.box.com; secure, site_preference=desktop; path=/; domain=.box.com; secure', 'Age': '0', 'Strict-Transport-Security': 'max-age=31536000', 'Connection': 'keep-alive', 'Cache-Control': 'no-store', 'Date': 'Fri, 22 Feb 2019 14:47:08 GMT', 'Content-Type': 'application/json'}
```
-
Hi ,
I don't see anything directly wrong in the code, so let's see what else it may be:
- If you print out the code that comes back, does it look correct? It should be an alphanumeric string.
- In the OAuth 2 app you created at developer.box.com, is the redirect URL the same as the one that you are setting in your code?
- Just to test, can you enable all scopes and also the "Perform actions as users" option?
That should help us get a bit closer to the solution.
Thanks,
Jon
-
Hi ,
I've solved the issue: it turns out my client secret was incorrect.
This would have been easier to solve had there been a better error message I think – even something like "invalid credentials" would have made me check the client id/secret.
Thankfully, a Box employee on GitHub helped me out, and told me it was a problem with either my client id or secret. Come to find I had copy/pasted the client id twice accidentally, so this was an easy fix.
Thanks for the reply.
-
I'm glad to hear that you were able to resolve the issue. Also completely agree, that error response with lack of message didn't do much to help the situation.
With that said, let's talk about next steps. We've been doing some extensive work on trying to identify major hurdles in the onboarding process. One of those hurdles was around error responses, and also around the documentation on how to resolve those errors. As a next step we'll be working on creating a plan around attempting to resolve any vague errors like this, with an ideal target around unifying the errors and docs together. I know this isn't needed for you right now with this issue resolved, but I just wanted to be transparent that we are working towards improving this holistically on the platform.
- Jon
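
The failure in this thread (a 400 from the token endpoint with no message, caused by a client ID pasted into the secret field) can be caught before any request is sent and diagnosed from the JSON error body afterwards. The sketch below is an added example, not code from the thread participants or the Box SDK; the function names and `SAMPLE_BODY` are constructed for illustration, and the error codes are the ones RFC 6749 section 5.2 defines for token-endpoint errors.

```python
import json

# Token-endpoint error codes from RFC 6749 section 5.2, with what to check first.
HINTS = {
    "invalid_client": "client_id/client_secret rejected: re-copy both from the app configuration",
    "invalid_grant": "authorization code expired, already used, or redirect_uri mismatch",
    "invalid_request": "malformed token request: missing or repeated parameter",
    "unauthorized_client": "this client may not use this grant type",
    "unsupported_grant_type": "grant type not supported by the server",
    "invalid_scope": "requested scope is invalid or exceeds what was granted",
}

# Constructed sample error body, not a captured Box response.
SAMPLE_BODY = '{"error": "invalid_client", "error_description": "The client credentials are invalid"}'


def check_client_config(client_id, client_secret):
    """Return config problems found before any request is sent.

    Messages name the field only; credential values are never echoed.
    """
    problems = []
    for name, value in (("client_id", client_id), ("client_secret", client_secret)):
        if not value:
            problems.append(f"{name} is empty")
        elif value != value.strip():
            problems.append(f"{name} has leading or trailing whitespace")
    if client_id and client_id == client_secret:
        problems.append("client_id and client_secret are identical (paste error?)")
    return problems


def explain_token_error(status, body):
    """Turn a token-endpoint error body into a one-line diagnosis."""
    try:
        data = json.loads(body)
    except (TypeError, ValueError):
        return f"HTTP {status}: non-JSON error body"
    if not isinstance(data, dict):
        return f"HTTP {status}: unexpected error body shape"
    code = data.get("error", "unknown")
    detail = data.get("error_description") or "no description"
    hint = HINTS.get(code, "see the provider's error documentation")
    return f"HTTP {status} {code}: {detail} -> {hint}"


if __name__ == "__main__":
    print(check_client_config("abc123", "abc123"))  # constructed values
    print(explain_token_error(400, SAMPLE_BODY))
```

Running `check_client_config` at application start-up, before constructing the OAuth client, turns the copy/paste mistake into a start-up failure instead of a bare 400 at login time.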