Start a new topic

Where am I going wrong with OAuth2?

I'm trying to write my first polling indicator app to pull in data from a 3rd party service. Looking at the GitHub Followers App my architecture seems similar. My Url for MyApp will make calls to the 3rd party service and respond to LaMetric with the appropriate format messages. To make the calls to the 3rd party it'll need the correct OAuth2 tokens, I'm hoping these are passed to it in the polling call after LaMetric has established the OAuth2 setup with 3rdParty.com

 

I've created a "consumer" on the 3rd party giving it "lametric.com" as the application URL and "https://developer.lametric.com/redirect" as the redirect URI. That's given me a "key" and a "secret".

 

On LeMetric, in MyApp I set up the following,

 

Url to get data from: http://myapp.com/myservice.php

 

Authentication: OAuth2

OAuth2 type: "Other"

Client ID: "key"

Client Secret: "secret"

Scope: basic

Authentication URL: https://secure.3rdparty.com/oauth2/authorize?response_type=code

Redirect URI: https://developer.lametric.com/redirect

Token URL: https://secure.3rdparty.com/oauth2/access?grant_type=authorization_code

Response Type: code (this seems to be the only option)

Send Credentials In: Body (although I've tried body&header)

 

(I don't know if I really need response_type and grant_type in those URLs, but the 3rd party says those arguments should be supplied and I don't know which ones LaMetric sends by default)

 

After I've installed my App, on my phone I see "Login - Not Logged in". I click on that and it takes my to a page that says "You need to login for the MyApp to be able to track events" with a "Log In" button. I click "Log In" and it redirects me over to 3rdParty.com's authorization page. "Authorize MyApp to use your account?" I click "Allow" and the window appears to close and I'm back at that LaMetric app "Log In" page. My 3rdParty.com account isn't showing any authorized apps, so it looks like authorization hasn't worked.

 

My myservice.php doesn't seem to be involved in the communication yet either (I don't think I'd expect it to be), although it is being polled periodically - I'm guessing by the Apps page or something similar. There are aren't any request params.

 

So.. what am I doing wrong with this OAuth2 setup? Have I got the correct Redirect URI? Do I need to put response_type and grant_type in those URLs above? Is there any logging anywhere where I can find out what's going on?

 

Thanks,

 

Matt.


This is more of a reminder for myself, but I noticed this URL https://requestb.in/ on a screenshot about fixing the YouTube app. I'd never heard of it before, but it sounds like it'll capture HTTP request data - so I'm going to try and use that to see what 3rdparty.com is posting back, and what lametric.com is posting in.



Did you ever succeed in this?


Not so far Henrik.. I have a support issue logged with LaMetric. I've been moving house too, so a bit too pre-occupied to dig any further into it myself. I'll post back here if/when I get it sorted - or if I find anything else out.

thanks!

Know this an older thread, but just incase anyone is having the same issue and needs to test, the requestb.in site that Matt mentioned above has now been taken down. There is a new service at https://requestbin.com that you can use to test HTTP request data.

Login or Signup to post a comment