question

mtm81 avatar image
0 Likes"
mtm81 asked

how to further bug hunt? - :request is missing a required parameter or malformed.

Been using Auth n Auth on a my Production Keys for many years. Just enabled the same keys for oauth. Setup everything ok I think. Do the initial request via my software to get the initial code, and that is returned ok. I take that code and push it back to get a token, but I'm getting
"error":"invalid_request","error_description":"request is missing a required parameter or malformed."}

In my header I've got the Authorization added along with the "Basic <SPACE> Base64(clientid:clientsecret)

In the body of the request I've got the grant_type = authorization_code, I've got the redirect_uri set as the same value as the one I've used when seconds earlier generating the original code request and I've got the code just generated as well.


I should also add that this exact code (in terms of sorting out oAuth) I've used on all of the other integrations I have with other software, (Adobe, Quickbooks, MSGraph) and all are working ok. However for eBay - it's not.

I've used Postman to check my settings and they appear to be working in the main - so it's obviously something I'm not compensating for which eBay does different to the other companies we're already integrated with.


My guess at this stage is that it's to do with encoding.

So my question(s) are:

1) When pushing over the initial scope requirement would that look like

&scope=https%3A%2F%2Fapi.ebay.com%2Foauth%2Fapi_scope%2Fsell.fulfillment

for example?


2) When setting the authorization header on the token request, shoudl it be:

"Basic<space>BASE64(<clientid>:</clientsecret>). I.e the colon is part of the encoded string and the entire string passed into the authorization has a single space between the word Basic and then encoded string and that's it?


3) The returned code from the initial request. That arrives in the querystring already encoded. How is that passed BACK in the token request.
Here's an example of a made up token I've pulled together.
This is how it comes as part of the QS:
v^1.1%23i^1%23f^0%23r^1%23p^3%23I^3%23t^Ul41XzA6MzEwMjBBNkU4NzNBMjE0RTM1MDMzMDBGNzQ2MEVFRjJfMV8xI0VeMjYw

If I decode it, I would get:
v^1.1#i^1#f^0#r^1#p^3#I^3#t^Ul41XzA6MzEwMjBBNkU4NzNBMjE0RTM1MDMzMDBGNzQ2MEVFRjJfMV8xI0VeMjYw


Which would be the one I should be pushing back?





apitoken
· 3
10 |600
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

mtm81 avatar image mtm81 ·

ok, in a further "development" - when using postman, rather than the error above, I'm getting :

{ "error": "invalid_client", "error_description": "client authentication failed"}


So, for my request in my application - it would appear that I'm malforming something (I suspect it's the code request) and within postman - it doesn't like my details

0 Likes 0 ·
mtm81 avatar image mtm81 mtm81 ·

hello?

0 Likes 0 ·
all_vintage_cards avatar image all_vintage_cards mtm81 ·
any luck here? I'm having the same issues!
0 Likes 0 ·

1 Answer

·
mtm81 avatar image
0 Likes"
mtm81 answered

Sorry no - in the end just went back to AuthnAuth - worked like a dream first time.

· 1
10 |600
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

all_vintage_cards avatar image all_vintage_cards ·
Gotya thanks..i am being sort of forced to use the Oauth as I've been on Finding API which is being deprecated at the end of the year.
0 Likes 0 ·

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.