BAD credential 401

neoxen-1567 · March 9, 2021, 12:39pm

Hello all,

Sorry I see this topics is in multiple search in this forum but really i don’t find what is my problem.
I try to get a anthoprization code from a user to get an access token.
So in see in the documentation we need to get a code from oauth/authorize.

I doing this in php with this code

<?php
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_URL => 'https://eu.battle.net/oauth/authorize',
CURLOPT_RETURNTRANSFER => true,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_CUSTOMREQUEST => 'GET',
CURLOPT_HTTPHEADER => array(
    'region: eu',
    'response_type: code',
    'client_id: XXXXXXXXXXXXXXXXXXXXX',
    'redirect_uri: https://XXXXXXXXXXXXX',
    'scope: wow.profile',
    'state: pingTest'
 ),
 ));
 $response = curl_exec($curl);
 curl_close($curl);
 echo $response;
?>

After doing this i continue to get a blizzard page with 401 Bad client credentials
My client id is good so i really don’t understand why i don’t get blizzard popup to connect my user

Schiller-1822 · March 9, 2021, 2:37pm

You can’t open the /oauth/auhorize using cURL, you must provide a proper OAuth2 link on the web page for the user (Login with battle net).

A valid link looks like something like this: https://{region}.battle.net/oauth/authorize?client_id=<YOUR_CLIENT_ID>&redirect_uri=<YOUR_REDIRECT_URI>&response_type=code&scope=wow.profile&state=<OAUTH_STATE>

The user will click on this link, gets redirected to Blizzard’s official login page where they will have to type in their username and password (only if they are not already signed in on the device).
After that Blizzard OAuth provider will redirect the user back to your redirect_uri with an extra param on the query string containing the authorization_code. Your server must now send this code with your credentials to /oauth/token and exchange it for the actual access_token.

neoxen-1567 · March 9, 2021, 2:42pm

OK Thanks Schiller
I understand what i’m doing wrong :).

Thank a lot