fatal error when taking access and refresh token from authorization code

[mauro.da...@bioimis.com]

When I try to exchange the authorization code for the access and refresh token with the following request

https://openapi.ihealthlabs.eu/OpenApiV2/OAuthv2/userauthorization?client_id=0ab24d44a383402b9a78b75b4e3fb7ab&client_secret=<clientSecret>&grant_type=authorization_code&redirect_uri=https://localhost:8080&code=<authorization code>

I receive the single string error: "fatal error"
without any explanation. Why? Did i do something wrong.
I make a get request with querystring parameters. Do I have to make a post request with body parameters?

In the docs I see I would have to receive a more explaining error. Why I dont receive a more explaining error?

Thanks in advance
Mauro Dalla Zuanna

[mauro.da...@bioimis.com]

Techincal support contacted me. They send me a certificate to include in every request.

[karol.ze...@gmail.com]

Hi, I faced the same problem, and your post showed me the problem, thanks! Can you write how that ceritificate should be added to request?

[mauro.da...@bioimis.com]

I have 2 example. The first is a snippet of code sent me by IHealth support team, the second is my implementation. If you have some doubts just let me know.

===== IHealth support snippet
private string HttpGet(string url)
{
HttpWebRequest request = WebRequest.Create(url) as HttpWebRequest;
if (url.IndexOf("openapi.ihealthlabs.eu") > -1)
{
string cert = @"D:\cert\idscertificate.p12";
string password = "******";

X509Store certStore = new System.Security.Cryptography.X509Certificates.X509Store(StoreName.My, StoreLocation.LocalMachine);
certStore.Open(OpenFlags.ReadOnly);
X509Certificate2Collection certCollection = certStore.Certificates.Find(System.Security.Cryptography.X509Certificates.X509FindType.FindBySubjectName, "apiclient_cert", false);
var x5091 = new X509Certificate2(cert, password, X509KeyStorageFlags.MachineKeySet);
request.ClientCertificates.Add(x5091);
}
request.Method = "GET";
request.UserAgent = DefaultUserAgent;

string ResultString = "";
HttpWebResponse httpresponse = request.GetResponse() as HttpWebResponse;
using (StreamReader reader = new StreamReader(httpresponse.GetResponseStream(), System.Text.Encoding.UTF8))
{
ResultString = reader.ReadToEnd();
}
return ResultString;
}

===== My implementation
// I saved the certificate in a varbinary of a db (sql server in my case)
using (IUnitOfWork unitOfWork = new UnitOfWork(new DbContext()))
{
var service = unitOfWork.RepositoryFor<FitnessServices>().GetByID(serviceId);
tokenEndpoint = service.TokenEndpoint;
clientId = service.ClientId;
clientSecret = service.ClientSecret;
certBytes = service.Certificate;
certPassword = service.CertificatePassword;
callbackUrl = Uri.EscapeDataString(service.CallbackUrl);
}

var handler = new WebRequestHandler();
X509Certificate2 cert = new X509Certificate2(certBytes, certPassword);
handler.ClientCertificates.Add(cert);
using (HttpClient client = new HttpClient(handler))
{
var url = $"{tokenEndpoint}?client_id={clientId}&client_secret={clientSecret}&grant_type=authorization_code&redirect_uri={callbackUrl}&code={authorizationCode}";
var response = client.GetAsync(url).Result;
var strResponse = response.Content.ReadAsStringAsync().Result;
var data = JsonConvert.DeserializeObject<dynamic>(strResponse);
if (data.Error != null)
{
string error = (string)data.Error;
string errorDescription = (string)data.ErrorDescription;
throw new ApplicationException(errorDescription);
}
else
{
string APIName = (string)data.APIName;
string accessToken = (string)data.AccessToken;
int expiresIn = (int)data.Expires;
string refreshToken = (string)data.RefreshToken;
string userId = (string)data.UserID;
string clientPara = (string)data.client_para;

return new TokenResponse { AccessToken = accessToken, RefreshToken = refreshToken, ExpiresIn = expiresIn, UserId = userId };
}
}

[mauro.da...@bioimis.com]

The previous post was about exchange authorization code, but for other api call the process is the same.

[karol.ze...@gmail.com]

thanks so much!