Google Groups

Re: OAuth Authentication Failure: Token retrieval returns "Invalid API Version".


djangok Nov 20, 2011 9:16 PM
Posted in group: Disqus Developers
OK, finally figured out the problem.

The documentation for token refresh is wrong on two points.

1. POST to https://disqus.com/api/oauth/2.0/access_token/ NOT GET to
https://disqus.com/api/oauth/2.0/authorize/
2. You must pass client_secret, along with grant_type, client_id, and
refresh_token.

Hopefully the doc can be updated so others won't be confused.

On Nov 20, 11:03 pm, djangok <kevincheval...@gmail.com> wrote:
> Ok, thank you for the response.
>
> The Invalid API Version error went away.  Authentication works
> perfectly now.
>
> I am encountering an error when trying to use the refresh request you
> pointed out to me.
>
> If I try to make a request like the documentation specifies, the API
> refuses it, saying redirect_uri is a missing parameter.
>
> If I give it the same redirect_uri as the rest of my authentication
> system, it redirects with ?error=unsupported_response_type appended to
> the end.
>
> If I pass it response_type=code, then it returns the regular "Would
> you like to authorize this app to edit your Disqus forum" page, which
> isn't good.
>
> Is there a response type that I should pass into the GET request that
> I don't know of?
>
> Kevin
>
> On Nov 19, 5:23 am, Michael HP <wus...@gmail.com> wrote:
>
>
>
>
>
>
>
> > i don't have documentation, but during bug testing i halted the
> > access_token request for at least 20 seconds before successfully
> > sending it, i'd imagine the code is valid for a little while longer
> > than that, but that really shouldn't be an issue.
>
> > regarding question 3, you should read the documentation a bit
> > more(http://disqus.com/api/docs/auth/#response), the tokens are valid
> > for 30days, but you can make an automated process that use the refresh
> > token to request a new access_token without the user knowing.
>
> > On Fri, Nov 18, 2011 at 8:25 PM, djangok <kevincheval...@gmail.com> wrote:
> > > I am able to retrieve the temporary code with /api/oauth/2.0/
> > > authorize/
>
> > > When I try to retrieve the Access Code from /api/oauth/2.0/
> > > access_token/, I receive HTTP 400: Invalid API Version.
>
> > > I've checked to make sure the format was correct.  I tried it with
> > > curl on the command line, and with the python code supplied by Disqus.
> > > (https://github.com/disqus/disqus-api-demos/tree/master/comments)
> > > Both return the same response.
>
> > > So, some questions:
> > > 1. How long does the temporary code last?  10 secs, 10 mins?  Does it
> > > time out while I format the request by hand?  (I'm just testing right
> > > now.)
> > > 2. Is there a problem with the server code at Disqus that is
> > > generating this request?
> > > 3. How long are the access tokens good for?  I would really like to
> > > allow the Users to authorize my app forever.  I can't make them
> > > authorize the app every time they log in.
>
> > > Kevin
>
> > > --
> > > --
> > >http://groups.google.com/group/disqus-dev?hl=en