Experiencing trouble with OAuth codeflow


#1

I’ve been writing some API interactions via Python. So far the interactions with the ‘client credential flow’ have been pretty straight forward. I’m now currently stuck on the first two steps of the ‘authorization code flow’ portion.

http s://develop.battle.net/documentation/api-reference/oauth-api
(broke up the https to paste in the URL I’m referencing)

I’ve been able to get the initial code from the “Authorization Request” GET call to ‘/oauth/authorize’. I continue on to the next step of the “Access Token Request” POST call to ‘/oauth/token’ using the code from the previous GET call output, but keep getting 401 error codes.

Again quickly, token generation using the ‘client credential flow’ is pretty straight fowrard, got that one down. Has anyone run into these issues with the separate ‘authorization code flow’ and recognizes where I might be stumbling?


#2

If you haven’t already, I would recommend giving the OAuth guide a read.

develop.battle.net/documentation/guides/using-oauth/authorization-code-flow

There is an example CURL command that you will need to reproduce with your python code.

curl -X POST https://us.battle.net/oauth/token
-u <developer client id>:<developer secret>
-d redirect_uri=<redirect URI used in authorize request>
-d scope=<space separated scopes>
-d grant_type=authorization_code
-d code=<authorization code>

If you are receiving a 401 response back, you might be missing part of the request payload (the parts denoted with -d), or you might be malforming one of the values.


#3

Success! I definitely got confused with the parameter list for the ‘POST /oauth/token’ on this page:

develop.battle.net/documentation/api-reference/oauth-api

It calls for ‘client_id’ as a required parameter but does not mention anything about the ‘client_secret’ string.

Thanks for pointing me in the right direction!