Errors exchanging authorization code for access token with AWS Lambda or React

229 views
Skip to first unread message

Trevor Ohlinger

unread,
Apr 7, 2021, 3:56:15 PM4/7/21
to ORCID API Users
Hello,

I'm attempting to exchange the authorization code given to me by Orcid by using a POST request from within AWS Lambda and I am receiving some errors. This integration is using a React.js front-end combined with AWS for the back-end.

I've also been attempting to do the POST from my native React.js application. It gives a CORS error. When I use a proxy to avoid using CORS it gives a 401 error.

I'm not sure the best way to exchange the authorization code. I could use some assistance.

react_native_post_error.PNG
orcid_redirect_lambda_3.PNG
orcid_redirect_lambda_2.PNG
react_native_code.PNG
orcid_redirect_lambda_1.PNG
error lambda post for orcidredirect.PNG

Trevor Ohlinger

unread,
Apr 9, 2021, 1:17:21 PM4/9/21
to ORCID API Users
The AWS Lambda is using Node.js. If you need any additional information please let me know.

Thank you in advance.
Trevor

Angel Montenegro

unread,
Apr 20, 2021, 9:49:26 AM4/20/21
to ORCID API Users
Hi Trevor

I'm Angel, tech lead at ORCID.

I don't see any evident error in your code and nothing that should cause a CORS exception, but, I notice that in your promise you are not including the "Accept" header, these are the params you should specify in your oauth request: 

URL=https://sandbox.orcid.org/oauth/token 
HEADER: Accept: application/json 
HEADER: Content-Type: application/x-www-form-urlencoded 
METHOD: POST 
DATA: client_id=[Your client ID] client_secret=[Your client secret] grant_type=authorization_code code=Six-digit code redirect_uri=[Your landing page]

Here is our docs for more info.
Do you have your code in a git repo so I can take a quick look?

Thanks
Angel Montenegro

Angel Montenegro

unread,
Apr 20, 2021, 10:00:48 AM4/20/21
to ORCID API Users

Trevor Ohlinger

unread,
Apr 20, 2021, 5:30:10 PM4/20/21
to ORCID API Users
Thanks for taking a look, Angel. I do have a git repo and it is located here: https://github.com/trevorohlinger/Orcid-React.git

I've been told by my colleagues that I should use AJAX to post the code to my AWS Lambda function. From there exchange the code with OAUTH before I get the access tokens from ORCID.

My React code is a bit of a mess, so I apologize if it's confusing.

Thanks,
Trevor

Montenegro, Angel

unread,
Apr 20, 2021, 6:06:11 PM4/20/21
to Trevor Ohlinger, ORCID API Users
Hi Trevor, 

It is indeed a bit of a mess and I couldn't find the problem from the code.

So, you successfully get the authorization code from the user, then, you send that authorization code to an AWS lambda function and from there you POST the authorization code to the ORCID token endpoint, is that correct?

I don't see how that could cause a CORS error, however, have you tried using the public API endpoint instead of the default one?

So, you are exchanging your auth code in https://sandbox.orcid.org/oauth/token, have you tried exchanging it in https://pub.sandbox.orcid.org/oauth/token?

Lets try this, please go ahead and get an authorization code, then, exchange it using the following CURL: 

curl -i -L -k -H 'Accept: application/json' --data 'client_id={CLIENT_ID}&client_secret={CLIENT_SECRET}&grant_type=authorization_code&redirect_uri={REDIRECT_URI_USED_TO_GET_AUTH_CODE}&code={AUTH_CODE}' https://pub.sandbox.orcid.org/oauth/token

Please notice all the placeholders, change them for your client id, client secret, redirect uri and authorization code; if that works fine for you, update your code to use the same URL as the above CURL and try again; if you still get errors, please send me some screenshots and we can continue the discussion.

--
You received this message because you are subscribed to the Google Groups "ORCID API Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to orcid-api-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/orcid-api-users/e7c952a9-7a30-434b-b43f-9b3defe26c92n%40googlegroups.com.

Trevor Ohlinger

unread,
Apr 21, 2021, 3:20:00 PM4/21/21
to Montenegro, Angel, ORCID API Users
That process is what I'd like to do. As it is right now I was attempting to POST the authorization code straight from React and alternatively straight from AWS Lambda. So far it is giving me the prior errors.

I tried using curl once I received the authorization code, as you recommended. It is giving me several errors with the curl strings. I tried it in a few different ways, including with and without .pub as a part of the URL. Here are some of the errors I am getting with Curl:

curl errors.PNG
Here are some errors after I added -url to the curl command:
curl errors 2.PNG

Let me know if you'd like more information.

Thanks,
Trevor
--
Trevor Ohlinger
Albertsons Library - Library Computer & Information Systems
Boise State University
Office: Library 208-C




Montenegro, Angel

unread,
Apr 21, 2021, 3:39:13 PM4/21/21
to Trevor Ohlinger, ORCID API Users
Ok, cool, I think we are doing some progress here ... a couple of things: 

- The authorization code can be exchanged just once and it is valid for 1 hour IIRC, so, you can get an access token once and then you should get another authorization code.
- You are in Win 10 right? Is that the win CMD? if so, please use double quotes " instead of single quotes '

The error you see might be related to the way Win interpret the quotation marks, here are some more tips on how to fix that problem: https://helpdeskgeek.com/how-to/fix-not-recognized-as-an-internal-or-external-command/

Trevor Ohlinger

unread,
Apr 21, 2021, 5:30:17 PM4/21/21
to Montenegro, Angel, ORCID API Users
I am using cmd in Windows 10. I changed to double quotes and I'm getting a better result. For some reason it's telling me the redirect uri is mismatched now. I used the redirect that gets me the initial code: https://spm35eaceb.execute-api.us-west-2.amazonaws.com/dev/callback Here is the result:
curl errors 4.PNG
This is an endpoint for one of my AWS Lambda functions. Perhaps this needs to be added as one of our redirects. 

I am also using https://localhost:3000/ as the main redirect after the process is completed. This doesn't work either though. It gives me the same error.
curl errors 3.PNG
I'm not sure what to try next with CURL.

Thanks,
Trevor

Montenegro, Angel

unread,
Apr 22, 2021, 11:47:22 AM4/22/21
to Trevor Ohlinger, ORCID API Users
Hey Trevor, we are getting there! 

So, you send the redirect uris inside "{}" I think that could be the problem, could you please remove those?

BTW at this point the authorization code you used might be expired, so, please issue a new one. 

Trevor Ohlinger

unread,
Apr 22, 2021, 2:37:22 PM4/22/21
to Montenegro, Angel, ORCID API Users
I tried running it with and without the brackets and it still says "Redirect URI Mismatch." I tried multiple redirect uris as well.

I'm also attempting to post to my lambda and then exchange the code from there. 

Thanks,
Trevor

Montenegro, Angel

unread,
Apr 22, 2021, 3:11:26 PM4/22/21
to Trevor Ohlinger, ORCID API Users
Hey Trevor, 

Looking at our logs, it looks you are using the redirect url " https://localhost:3000/access" so, thats the one you should send to our servers, exactly like that "https://localhost:3000/access".

Please update the redirect url to  https://localhost:3000/access and let me know how it goes.

Thanks

Trevor Ohlinger

unread,
Apr 23, 2021, 12:47:21 PM4/23/21
to Montenegro, Angel, ORCID API Users
Looks like that curl string worked after changing the redirect URI to https://localhost:3000/access
curl success.PNG

Now I'm not sure what I can do to make this work on my backend. I need to get this working within my AWS Lambda function if possible.

Thanks,
Trevor

Montenegro, Angel

unread,
Apr 23, 2021, 1:51:14 PM4/23/21
to Trevor Ohlinger, ORCID API Users
So, you should do exactly the same from your Lambda, I bet the problem is that you were sending an invalid redirect uri? Try sending it to pub.sandbox.orcid.org instead of sandbox.orcid.org and let me know how it goes.

Trevor Ohlinger

unread,
Apr 23, 2021, 7:06:18 PM4/23/21
to Montenegro, Angel, ORCID API Users
Hello Angel,

I've attempted to POST using AWS Lambda and continue to see the CORS error. I did try using pub.sandbox.orcid.org, but it doesn't seem to change anything on my end. I will continue trying to work this piece out. Once this is complete Boise State's Orcid integration should be at a testable state. It's just very important for us to get this next step working. Any help you can provide is greatly appreciated.

Here is the error:
cors error 2.PNG

Thanks,
Trevor

Trevor Ohlinger

unread,
Apr 29, 2021, 7:45:01 PM4/29/21
to Montenegro, Angel, ORCID API Users
My apologies for the delay, I've been out of the office the last few days. I managed to figure out how to get the POST to go through AWS Lambda, with help from a colleague. It looks like ORCID is now returning the information I was looking for from my sandbox dummy account.

image.png
I will attach my working POST request as well. Hopefully it can help someone else in the future.

Thank you very much for your help!

Trevor

On Mon, Apr 26, 2021 at 8:38 AM Montenegro, Angel <a.mont...@orcid.org> wrote:
Hey Trevor, 

Could it be that you have to enable CORS in AWS? https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-cors.html if you see the CORS error happen between the AWS machine and your localhost, so, the ORCID API is not the cause of the problem.
working lambda orcid post request part 1.PNG
working lambda orcid post request part 2.PNG

Montenegro, Angel

unread,
Apr 29, 2021, 7:58:58 PM4/29/21
to Trevor Ohlinger, ORCID API Users
Awesome! great news, thanks a lot Trevor!!!
Reply all
Reply to author
Forward
0 new messages