OAuth Authentication Failure: Token retrieval returns "Invalid API Version".

[djangok]

I am able to retrieve the temporary code with /api/oauth/2.0/
authorize/

When I try to retrieve the Access Code from /api/oauth/2.0/
access_token/, I receive HTTP 400: Invalid API Version.

I've checked to make sure the format was correct. I tried it with
curl on the command line, and with the python code supplied by Disqus.
(https://github.com/disqus/disqus-api-demos/tree/master/comments)
Both return the same response.

So, some questions:
1. How long does the temporary code last? 10 secs, 10 mins? Does it
time out while I format the request by hand? (I'm just testing right
now.)
2. Is there a problem with the server code at Disqus that is
generating this request?
3. How long are the access tokens good for? I would really like to
allow the Users to authorize my app forever. I can't make them
authorize the app every time they log in.

Kevin

[Michael HP]

i don't have documentation, but during bug testing i halted the
access_token request for at least 20 seconds before successfully
sending it, i'd imagine the code is valid for a little while longer
than that, but that really shouldn't be an issue.

regarding question 3, you should read the documentation a bit
more(http://disqus.com/api/docs/auth/#response), the tokens are valid
for 30days, but you can make an automated process that use the refresh
token to request a new access_token without the user knowing.

> --
> --
> http://groups.google.com/group/disqus-dev?hl=en

[djangok]

Ok, thank you for the response.

The Invalid API Version error went away. Authentication works
perfectly now.

I am encountering an error when trying to use the refresh request you
pointed out to me.

If I try to make a request like the documentation specifies, the API
refuses it, saying redirect_uri is a missing parameter.

If I give it the same redirect_uri as the rest of my authentication
system, it redirects with ?error=unsupported_response_type appended to
the end.

If I pass it response_type=code, then it returns the regular "Would
you like to authorize this app to edit your Disqus forum" page, which
isn't good.

Is there a response type that I should pass into the GET request that
I don't know of?

Kevin

[djangok]

OK, finally figured out the problem.

The documentation for token refresh is wrong on two points.

1. POST to https://disqus.com/api/oauth/2.0/access_token/ NOT GET to
https://disqus.com/api/oauth/2.0/authorize/
2. You must pass client_secret, along with grant_type, client_id, and
refresh_token.

Hopefully the doc can be updated so others won't be confused.

[David Cramer]

We'll definitely get that corrected. Thanks!
--
David Cramer
http://disqus.com/zeeg
http://twitter.com/zeeg

--
--
http://groups.google.com/group/disqus-dev?hl=en

[Vinney K]

Sorry to nudge an old post but I just can't seem to be able to make the access_token request work and I'm at a loss... I'm sending a post similar to:

 

POST https://disqus.com/api/oauth/2.0/access_token/?client_id=...&grant_type=authorization_code&redirect_url=...&client_secret=...&code=123456

 

I keep receiving the error: Missing required parameter: grant_type

 

Did you ever experience this issue? If so, can you share your solution?

 

Thanks,
Vinney

[Anton Kovalyov]

Hey,

You need to send these params in your POST body not as a query string. Sorry about confusion.

Anton

--
--
http://groups.google.com/group/disqus-dev?hl=en

[Vinney K]

I have been trying that as well but, as you had first reported, when I remove all elements from the querystring, I get the invalid api version error. I've tried playing with different configurations where some elements are in the querystring and others are in the body but nothing has worked so far. Do you happen to remember what you did to make the api version error go away?

 

Also, does the content type matter? application/json vs. application/x-www-form-urlencoded vs. ....

 

Thanks!
Vinney

[Vinney K]

Still having trouble with this. I'm testing with Fiddler using the following:

 

POST https://disqus.com/api/oauth/2.0/access_token/ HTTP/1.1

 

Request headers:

User-Agent: Fiddler
Host: disqus.com
Content-Type: application/json
Content-Length: 254

Request Body:

{ client_id = ..., client_secret = ..., grant_type = authorization_code, redirect_url = http://mysite.com, code = ... }

 

The error returned is:

{"error_description": "Missing required parameter: grant_type", "error": "invalid_request"}

I'm literally about to give up hope on Disqus if I can't get this issue resolved within the next day or so. Support is slow at best and the documentation appears to be incorrect. This has been a very frusturating experience.

[Vinney K]

I've also found that if I add all the parameters into the querystring, I get a different error.

 

https://disqus.com/api/oauth/2.0/access_token/grant_type=authorization_code&client_id=...&client_secret=...&redirect_url=http://mysite.com&code=123456adf

 

This produces the "Invalid API version" error. This error occurs whether I use the POST or GET methods.

[David Cramer]

You're not constructing correct HTTP requests.

We currently have a catch-all for /api/* that will go to our API controller, which is why you're seeing Invalid API version.

The authorize code request should look like the following:

POST https://disqus.com/api/oauth/2.0/access_token/

And contain a body like this:

       grant_type=authorization_code&

       client_id=PUBLIC_KEY&

       client_secret=SECRET_KEY&

       redirect_uri=http://www.example.com/oauth_redirect&

       code=CODE

-- 
David Cramer

twitter.com/zeeg

disqus.com/zeeg

--
--
http://groups.google.com/group/disqus-dev?hl=en

[Marcor]

Now I'm using this code:

...

client.DefaultRequestHeaders.Authorization = System.Net.Http.Headers.AuthenticationHeaderValue.Parse("Basic " + base64);

var postData = new List<KeyValuePair<string, string>>();

postData.Add(new KeyValuePair<string, string>("grant_type", "password"));

postData.Add(new KeyValuePair<string, string>("client_secret", App.SECRETKEY));

postData.Add(new KeyValuePair<string, string>("client_id", App.APIKEY));

postData.Add(new KeyValuePair<string, string>("scope", "read,write"));

HttpContent content = new FormUrlEncodedContent(postData);

HttpResponseMessage res = await client.PostAsync("https://disqus.com/api/oauth/2.0/access_token/", content);

and the response is:

{"error_description": "Unallowed grant type: password", "error": "invalid_grant"}

i'm following "Request Access Token" from here:

http://disqus.com/api/docs/auth/ 

[David Cramer]

So you'd have to have an account with password auth enabled to use it. Currently this requires you to submit an application describing

your use case, and we review it and approve it on a case-by-case basis.

-- 
David Cramer

twitter.com/zeeg

disqus.com/zeeg

--
--
http://groups.google.com/group/disqus-dev?hl=en

[Marcor]

Explain to me the procedure please. Where can I submit the application use case?

[Subangkit Ramadiputra]

I've same problem to get access_token

$oauth2token_url = 'https://disqus.com/api/oauth/2.0/access_token/';
$redirect_uri = 'http://community.git.local/sites/all/libraries/disqus-php/oauth.php';
$clienttoken_post = array(
    "grant_type" => 'authorization_code',
    "client_id" => $public_key,
    "client_secret" => $secret_key,
    "redirect_uri" => $redirect_uri,
    "code" => $code
);

$curl = curl_init($oauth2token_url);

curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, $clienttoken_post);
curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);

$json_response = curl_exec($curl);
curl_close($curl);

But didn't work and give me error message

invalid parameter: code

[Mario Mucalo]

Sorry for bumping an old topic, however...

I have the same problem as Subangkit Ramadiputra (I am working in C#, but same request and same error!)

Anybody figured this one out?