question

itiievskyi asked

OAuth2 fails with code 400 and empty response (PROD only)

Hi,

I created a small Python library to serve an eBay application and work with clients' orders using access tokens. I used this flow https://developer.ebay.com/api-docs/static/oauth-authorization-code-grant.html and my application successfully worked for about a month.

But now every time I try to exchange the user's auth code for an access token, I get a 400 error from the eBay API. The main problem is that the response content is empty, so I can't see any kind of explanation of what is going on (see response). As for sandbox, all works well. I didn't change anything after ~40 users successfully authorized through my application.


I'll appreciate any help.

oauth2, auth-token, access token, authorization

lapstore-muenster answered

Solved! My conjecture is that eBay added some low level filters to their proxy on the https://api.sandbox.ebay.com/identity/v1/oauth2/token endpoint to reduce brute force load and those filters now filter out your legit call. As a temporary workaround I now use command line curl (escapeshellarg() for teh win!) for oauth token retrieval.


Thanks for this! I was able to get it to work by adding a "Host" key to the header and changing my user agent to Postman (instead of python requests that I actually use for making requests). It looks like eBay really blocked 'requests' module calls to prevent brute force attacks, but it's quite weird.

lapstore-muenster answered

Uh, oh, we actually had an extra white space in the Authorization header nobody noticed, not even the sandbox server.
(e.g. "Authorization : ..." instead of "Authorization: ...")
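
The stray space described in the answer above can be caught on the client before the token request is sent: RFC 7230 restricts header field names to "token" characters and directs servers to answer 400 when whitespace sits between the field name and the colon. This is an added example, not code from either poster; the function names, the placeholder credentials and the use of HTTP Basic credentials on the token request are assumptions.

```python
import base64
import re

# RFC 7230 "token": the only characters permitted in a header field name.
TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")

def header_problems(headers):
    """Return (name, reason) pairs for headers a strict server may reject."""
    problems = []
    for name, value in headers.items():
        if not TOKEN.fullmatch(name):
            problems.append((name, "field name is not an RFC 7230 token"))
        if re.search(r"[\r\n\x00]", value):
            problems.append((name, "value contains CR, LF or NUL"))
    return problems

def basic_auth_value(client_id, client_secret):
    """Build the value for HTTP Basic authentication (RFC 7617)."""
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")

def build_token_headers(client_id, client_secret):
    """Assemble token-request headers and refuse to return malformed ones."""
    # Assumption: the token request authenticates with Basic credentials.
    headers = {
        "Authorization": basic_auth_value(client_id, client_secret),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    problems = header_problems(headers)
    if problems:
        raise ValueError(f"malformed headers: {problems}")
    return headers

# Constructed sample reproducing the typo from the thread (trailing space).
BROKEN = {
    "Authorization ": basic_auth_value("PLACEHOLDER_ID", "PLACEHOLDER_SECRET"),
    "Content-Type": "application/x-www-form-urlencoded",
}

if __name__ == "__main__":
    for name, reason in header_problems(BROKEN):
        print(f"{name!r}: {reason}")
    # Print header names only, so credentials never reach the console or logs.
    print(sorted(build_token_headers("PLACEHOLDER_ID", "PLACEHOLDER_SECRET")))
```

Running the same check in a unit test over every hand-built header dictionary catches this class of typo even when a lenient test server accepts it.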
