Hey guys,
We’re making a custom app, and all is working except for the Oauth 2.0. We are able to get to the other software side and login there, but the it shows a bad request. Working with the other software support, we can see it’s sending back the required data, so we know it’s an issue on the make side.
We’ve used the request in postman with the postman uri and it worked, we’ve also used it in postman with both https://www.make.com/oauth/cb/app or https://www.integromat.com/oauth/cb/app uri’s and it created and refreshed the token. So it just seems to be something in the ‘connection’ code on the make custom app. This is the error:
[
{
“message”: “The request failed due to failure of a previous request.”,
“code”: “SC424”,
“suberrors”: [
{
“message”: “Status Code Error: 400”,
“name”: “RuntimeError”
}
],
“debug”: [
[
“request”,
“POST”,
“https://app.class.com.au/connect/token”,
{
“qs”: {
“code”: “adf52204-a231-4897-8159-6359b1782abb”,
“grant_type”: “authorization_code”,
“redirect_uri”: “https://www.make.com/oauth/cb/app”
},
“headers”: {
“user-agent”: “Make/production”,
“content-type”: “application/x-www-form-urlencoded; charset=utf-8”,
“authorization”: “Basic MzkxOWZmNjktNjcxNS00NWY1LTk0OTItMmZkODhiODNmZjMyOjY0OWZhMTQ0LWE0ZTYtNGJlNi1iMzdmLTk3YjNkNDAyNmFjOQ==”
},
“timeout”: 40000
}
],
[
“response”,
400,
{
“body”: {
“error”: “unsupported_grant_type”
},
“headers”: {
“date”: “Thu, 07 Nov 2024 15:37:45 GMT”,
“content-type”: “application/json;charset=UTF-8”,
“content-length”: “34”,
“connection”: “close”,
“server”: “Apache”,
“strict-transport-security”: “max-age=63072000; includeSubDomains; preload”,
“x-xss-protection”: “1; mode=block”,
“expect-ct”: “age=31536000, enforce”,
“x-content-type-options”: “nosniff”,
“x-frame-options”: “sameorigin”,
“referrer-policy”: “same-origin”,
“cache-control”: “no-cache”,
“pragma”: “no-cache”,
“expires”: “-1”,
“content-security-policy”: “frame-ancestors ‘self’ https://.class-test.com.au https://.class-preprod.com.au https://.class-pie.com.au https://.class-prod.com.au https://*.class.com.au”
}
}
],
[
“error”,
“Status Code Error: 400”
]
]
}
When I tried to use web browser for getting code I saw new window for authorization and approve access to app, but after that I have got an error “Bad request” or “Source not found”.
Example of this url: (I replcae clienId for text in this example).
https://app.class.com.au/connect/authorize?response_type=code&client_id=cleintid&redirect_uri=https://www.make.com/oauth/cb/app&scope=target:b/andromedae%20offline_access%20business.fund.create%20fund.read%20business.fund.list
My request of JSON from section “Connection”
{
// Step 1: OAuth2 authorization request
// See OAuth2 documentation: Authorization Code Grant - OAuth 2.0 Simplified
“authorize”: {
“url”: “https://app.class.com.au/connect/authorize”, // Endpoint for authorization.
“qs”: {
“scope”: “{{ifempty(parameters.scopes, oauth.scope)}}”, // Lists the scopes from the “default scope” tab.
“client_id”: “{{ifempty(parameters.clientId, common.clientId)}}”, // Client ID either provided in common parameters (below) or by the user.
“redirect_uri”: “{{oauth.makeRedirectUri}}”, // Redirect URI (see the link above).
“response_type”: “code” // Response type “code”.
},
// Authorization response handling
// See OAuth2 documentation The Authorization Response - OAuth 2.0 Simplified
“response”: {
// Store received “code” into temporary storage.
“temp”: {
“code”: “{{query.code}}”
}
}
},
// Step 2: OAuth2 token request
“token”: {
“condition”: “{{temp.code}}”, // Checks if “code” has been correctly received by authorization response.
// If API doesn’t have authorize endpoint, fix the condition to: “condition”: “{{!data.accessToken}}”.
“url”: “https://app.class.com.au/connect/token”,
“method”: “POST”,
“headers”: {
“Authorization”: “Basic {{base64(ifempty(parameters.clientId, common.clientId) +‘:’+ ifempty(parameters.clientSecret, common.clientSecret))}}”,
“Content-Type”: “application/x-www-form-urlencoded; charset=utf-8”,
“Host”: “app.class.com.au”
},
“qs”: {
“code”: “{{temp.code}}”,
“grant_type”: “authorization_code”,
“redirect_uri”: “{{oauth.makeRedirectUri}}”
},
// Token response handling
"response": {
"data": {
"expires": "{{addSeconds(now, body.expires_in)}}", // Stores the expiration date of accessToken.
"accessToken": "{{body.access_token}}", // Stores the accessToken.
"refreshToken": "{{body.refresh_token}}",
"type": "{{body.token_type}}",
"scope": "{{body.scope}}",
"businessname":"{{body.BusinessName}}",
"businesscode":"{{body.BusinessCode}}"
},
"expires": "{{addSeconds(now, body.refresh_expires_in)}}" // Stores the expiration date of the refreshToken.
},
"log": {
"sanitize": [ // Excludes sensitive parameters from logs.
"request.body.code",
"response.body.access_token",
"response.body.refresh_token"
]
}
},
// Step 3: Refresh token
// See OAuth2 documentation https://www.oauth.com/oauth2-servers/access-tokens/refreshing-access-tokens/
"refresh": {
"condition": "{{data.expires < addSeconds(now, 1)}}", // Executes the request if accessToken is expired.
"url": "https://app.class.com.au/connect/token",
"method": "POST",
"headers": {
"Authorization": "Basic {{base64(ifempty(parameters.clientId, common.clientId) +':'+ ifempty(parameters.clientSecret, common.clientSecret))}}",
"Content-Type": "application/x-www-form-urlencoded; charset=utf-8",
"Host": "app.class.com.au"
},
"qs": {
"grant_type": "refresh_token",
"refresh_token": "{{data.refreshToken}}"
},
"response": {
"data": {
"expires": "{{addSecond(now, body.expires_in)}}", // Stores the expiration date of the new accessToken.
"accessToken": "{{body.access_token}}", // Stores the new accessToken.
"refreshToken": "{{body.refresh_token}}" // Stores the new refreshToken.
},
"expires": "{{addSecond(now, body.refresh_expires_in)}}" // Stores the expiration date of the new refreshToken.
},
"log": {
"sanitize": [
"request.body.refresh_token",
"response.body.access_token",
"response.body.refresh_token"
]
}
}
}
So, I need to create connection with this app - https://support.class.com.au/hc/en-au/articles/360001362256-Authorization-Code-Flow#h_20514da7-63c4-4385-aa16-5835a240b801
Can you help me, please, with this?