Problem with OAuth2 Exchanging Code for Access Token
Robert Aaron
I am working in VBA with MS-Access. I can successfully receive a OAuth2 authorization code in a redirect uri, but I can't exchange it for the access token.
I have the following VBA code to do this. I have tried to adapt your example on your page, http://apidocs.mailchimp.com/oauth2/.
Public Function GetOAuth2Token(URL As String, apikey As String, ClientSecret As String, code As String, RedirectURI As String) As String
Dim cli As Object
Set cli = CreateObject("WinHttp.WinHttpRequest.5.1")
URL = URL & "?grant_type=authorization_code&client_id=" & apikey & "&client_secret=" & ClientSecret & "&code=" & code & "&redirect_uri=" & RedirectURI
Debug.Print URL
cli.Open "POST", URL, False
cli.setRequestHeader "User-Agent", "oauth2-draft- v10"
cli.setRequestHeader "Host", "login.mailchimp.com"
cli.setRequestHeader "Accept", "application/json"
cli.setRequestHeader "Content-Length", "198"
cli.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"
cli.send
rText = cli.ResponseText
Set cli = Nothing
GetOAuth2Token = rText
Debug.Print GetOAuth2Token
End Function
The URL I am constructing below seems like it should be right, according to your OAuth2 web page, but the response text that came back for the POST request is gibberish. Removing or changing headers does not help. However I can access your API fine when I get an API key through your interface.
Do I need to put the parameters in the body and not in the query string? If so, what format should I use? Should it be XML or JSON, or just represent the body as a query string? Do you have an example? In the example on your OAuth2 page you seem to be passing parameters using a query string, as below.
grant_type=authorization_code&client_id=635959587059&client_secret=0da3e7744949e1406b7b250051ee1a95&code=1edf2589e664fd317f6a7ff5f97b42f7&redirect_uri=http%3A%2F%2F192.168.1.8%2Foauth%2Fcomplete.php
For all the post requests like listBatchSubscribe() and listBatchUnsubscribe(), I am putting all the parameters in the query string and not in the body, and it works fine. It seems like a POST request for the access token should work the same way.
Is the URL I am using correct? I should not be getting gibberish as a response text if the URL is good, even if the parameters are in the wrong place, but instead I should receive some readable message.
Can you please tell me what I am missing?
Thank you.
Robert Aaron
%`Óú'
"î®Ð?ÇÇûnb f =Ó&9?÷?Íi 'f¶ Ò]?~j * $õèWçÐ Reg??_T1 -ô¼ ÿÿ â;Åoc
dav...@outboundengine.com
David Park
On Thursday, August 8, 2013 2:11:06 PM UTC-5, Robert Aaron wrote:
Robert Aaron
David Park
If there is a setBody function for the cli object you create you could just give it a set of key-value pairs.
Robert Aaron
Robert Aaron
My response text is now:
{"error":"invalid_request","error_description":"Invalid grant_type parameter or parameter missing"}
I am putting all my parameters in a JSON body. I am specifying the grant_type.
I am constructing the JSON body with the authorization code received within the allowable 10 seconds. The code below is just to show what I'm sending.
Public Function GetOAuth2Token() As String
Dim cli As Object
Set cli = CreateObject("MSXML2.XMLHTTP")
cli.Open "POST", "https://login.mailchimp.com/oauth2/token", False
cli.setRequestHeader "Content-Type", "application/json"
cli.send "{""grant_type"":""authorization_code"",""client_id"":""xxxxxxxxxxxx"",""code"":""80f13221abf2194f1b836fa87b29e3fc"",""client_secret"":"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",""redirect_uri"":""http%3A%2F%2Fyahoo.com""}"
GetOAuth2Token = cli.ResponseText
Can anybody see what I'm missing now?
