Been using Auth n Auth on a my Production Keys for many years. Just enabled the same keys for oauth. Setup everything ok I think. Do the initial request via my software to get the initial code, and that is returned ok. I take that code and push it back to get a token, but I'm getting
"error":"invalid_request","error_description":"request is missing a required parameter or malformed."}
In my header I've got the Authorization added along with the "Basic <SPACE> Base64(clientid:clientsecret)
In the body of the request I've got the grant_type = authorization_code, I've got the redirect_uri set as the same value as the one I've used when seconds earlier generating the original code request and I've got the code just generated as well.
I should also add that this exact code (in terms of sorting out oAuth) I've used on all of the other integrations I have with other software, (Adobe, Quickbooks, MSGraph) and all are working ok. However for eBay - it's not.
I've used Postman to check my settings and they appear to be working in the main - so it's obviously something I'm not compensating for which eBay does different to the other companies we're already integrated with.
My guess at this stage is that it's to do with encoding.
So my question(s) are:
1) When pushing over the initial scope requirement would that look like
&scope=https%3A%2F%2Fapi.ebay.com%2Foauth%2Fapi_scope%2Fsell.fulfillment
for example?
2) When setting the authorization header on the token request, shoudl it be:
"Basic<space>BASE64(<clientid>:</clientsecret>). I.e the colon is part of the encoded string and the entire string passed into the authorization has a single space between the word Basic and then encoded string and that's it?
3) The returned code from the initial request. That arrives in the querystring already encoded. How is that passed BACK in the token request.
Here's an example of a made up token I've pulled together.
This is how it comes as part of the QS:
v^1.1%23i^1%23f^0%23r^1%23p^3%23I^3%23t^Ul41XzA6MzEwMjBBNkU4NzNBMjE0RTM1MDMzMDBGNzQ2MEVFRjJfMV8xI0VeMjYw
If I decode it, I would get:
v^1.1#i^1#f^0#r^1#p^3#I^3#t^Ul41XzA6MzEwMjBBNkU4NzNBMjE0RTM1MDMzMDBGNzQ2MEVFRjJfMV8xI0VeMjYw
Which would be the one I should be pushing back?