400 - Oauth error invalid_request

Highlighted
Shopify Partner
32 0 7

Hi,

I am using the Shopify OAuth for my app. The code has worked fine, until this morning. Are there any technical issues with using OAuth today?

Request

POST https://jmatestshop.myshopify.com/admin/oauth/access_token HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: jmatestshop.myshopify.com
Content-Length: 127
Expect: 100-continue
Connection: Keep-Alive

client_id=xx&client_secret=yy&code=zz

Response

HTML -   <title>400 - Oauth error invalid_request</title>

Is something wrong with my account? It's under Cloud Cart Connector, JMA Web Technologies. This request for a token is using a test store. My tokens have been with Shopify for over a year. Should I renew or replace them?

0 Likes
Highlighted
Shopify Staff
Shopify Staff
582 0 47

What is your API key?

0 Likes
Highlighted
Shopify Partner
32 0 7

Hi,

427eb2e294b8d7e554778c19df777692

0 Likes
Highlighted
Shopify Staff
Shopify Staff
582 0 47

It appears that your request that was placed at 20:03:02 UTC did succeed because I can see that the code was redeemed for the access token.

How are you verifying/extracting the codes from the oauth callback?

0 Likes
Highlighted
Shopify Partner
32 0 7

Hi,

Here is the code:

        public ShopifyAuthorizationState AuthorizeClient(string code)
        {
            string url = String.Format("https://{0}.myshopify.com/admin/oauth/access_token";, _shopName);
            string postBody = String.Format("client_id={0}&client_secret={1}&code={2}",
                _apiKey,    // {0}
                _secret,    // {1}
                code);      // {2}

            HttpWebRequest authRequest = (HttpWebRequest)WebRequest.Create(url);
            authRequest.Method = "POST";
            authRequest.ContentType = "application/x-www-form-urlencoded";
            using (var ms = new MemoryStream())
            {
                using (var writer = new StreamWriter(authRequest.GetRequestStream()))
                {
                    writer.Write(postBody);
                    writer.Close();
                }
            }

            var response = (HttpWebResponse)authRequest.GetResponse();
            string result = null;

            using (Stream stream = response.GetResponseStream())
            {
                StreamReader sr = new StreamReader(stream);
                result = sr.ReadToEnd();
                sr.Close();
            }

            if (!String.IsNullOrEmpty(result))
            {
                // it's JSON so decode it
                JObject jsonResult = JObject.Parse(result);
                return new ShopifyAuthorizationState
                {
                    ShopName = this._shopName,
                    AccessToken = (string)jsonResult["access_token"]
                };
            }

            return null;
        }
    }

0 Likes
Highlighted
Shopify Staff
Shopify Staff
582 0 47

I've turned on logging so we should get more granular data into what is going wrong with your application. Looking at this everything seems correct. The only thing that really stands out could be the lack of a missing Accept header, but if it was working in the past I don't see how this could cause anything.

0 Likes
Highlighted
Shopify Partner
32 0 7

Hi,

I just ran a request through. What is it saying? What should the accept header say? application/json?

0 Likes
Highlighted
Shopify Staff
Shopify Staff
582 0 47

What should the accept header say? application/json?

Yes

0 Likes
Highlighted
Shopify Partner
32 0 7

OK, I added it. If there are issues, I'll let you know tomorrow.

0 Likes
Highlighted
Shopify Partner
32 0 7

Hi,

OK, error changed. Does this expire after a few seconds? I tried this on cloudcartconnector.com, then I tried it on localhost:7777. Is that why this error occurs? Perhaps it will fix itself tomorrow. I appreciate the help.

POST https://jmatestshop.myshopify.com/admin/oauth/access_token HTTP/1.1
Accept: application/json
Content-Type: application/x-www-form-urlencoded
Host: jmatestshop.myshopify.com
Content-Length: 127
Expect: 100-continue

client_id=427eb2e294b8d7e554778c19df777692&client_secret=XX&code=39d3033e457e573fcff17c6c018c7c13

HTTP/1.1 400 Bad Request
Server: nginx
Date: Tue, 13 Jan 2015 22:33:57 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Status: 400 Bad Request
X-XSS-Protection: 1; mode=block; report=/xss-report/6e36adc2-5846-4d9f-a427-9113017525a0?source%5Baction%5D=access_token&source%5Bcontroller%5D=admin%2Foauth&source%5Bsection%5D=admin
X-Content-Type-Options: nosniff
X-ShopId: 2981797
X-ShardId: 3
X-Frame-Options: SAMEORIGIN
X-Request-Id: 6e36adc2-5846-4d9f-a427-9113017525a0


{"error":"invalid_request"}

0 Likes