api-notebook icon indicating copy to clipboard operation
api-notebook copied to clipboard

Published 20 hours ago verified publisher icon mulesoft

OAuth fail for Smartsheet.

Open KonstantinSviridov opened this issue 10 years ago • 2 comments

Hi,

OAuth 2.0 fails for Smartsheet.

The error message is:

Error: The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed.
at o (https://api-notebook.anypoint.mulesoft.com/scripts/api-notebook.js:20:29816)
at https://api-notebook.anypoint.mulesoft.com/scripts/api-notebook.js:20:30388
at j (https://api-notebook.anypoint.mulesoft.com/scripts/api-notebook.js:25:8765)
at k (https://api-notebook.anypoint.mulesoft.com/scripts/api-notebook.js:25:8862)
at https://api-notebook.anypoint.mulesoft.com/scripts/api-notebook.js:25:8971
at XMLHttpRequest.<anonymous> (https://api-notebook.anypoint.mulesoft.com/scripts/api-notebook.js:20:17783)
at XMLHttpRequest.<anonymous> (https://api-notebook.anypoint.mulesoft.com/scripts/api-notebook.js:20:17629)

The first stage of authentication passes fine as I see the window which prompts me to authenticate the application.

I tryed sniffing it with chrome and it showed me request on token uri:

POST https://api-notebook.anypoint.mulesoft.com/proxy/https://api.smartsheet.com/1.1/token
Content-Type:application/x-www-form-urlencoded
code=11gnbs4pvmv0h37w&
grant_type=authorization_code&
redirect_uri=https%3A%2F%2Fapi-notebook.anypoint.mulesoft.com%2Fauthenticate%2Foauth.html&
client_id=***&
client_secret=***

If this request is really the one which is supposed to obtain the token then the error becomes clear, as the request does not have valid format expected by smartsheet:

  1. They expect query parameters, not form
  2. They expect the hash parameter which "SHA-256 hash of your client secret concatenated with a pipe and the authorization code."

Thus, I have two questions:

  1. Is the request I see the one which is supposed to obtain token?
  2. Is it possible to controll Oauth requests from Notebook?

Documentation can be found at https://www.smartsheet.com/developers/api-documentation#h.g2vb66olibzc

Test Notebook is https://api-notebook.anypoint.mulesoft.com/notebooks#476d86bf3c8bc880cc3f

Credentials can be found in the PT story: https://www.pivotaltracker.com/story/show/80644320

Regards, Konstantin.

KonstantinSviridov avatar Nov 21 '14 16:11 KonstantinSviridov

@KonstantinSviridov can you send me the credentials offline so I can test if that is still a problem.

sichvoge avatar Jul 28 '16 09:07 sichvoge

Could you please tell me if this is still an issue?

joaquinbucca avatar Jun 28 '17 19:06 joaquinbucca