'code' parameter sent to callback looks broken #1

Closed
vladimirbazhanov opened this Issue Dec 7, 2012 · 2 comments


Hi! I'm now working on implementing the StockTwits API in my current project and I think I found a bug (or a strange feature). Please take a look at the problem:

  1. I want to get an access token for an authenticated user. I'm using this manual, http://stocktwits.com/developers/docs/authentication, for the server-side method.

  2. If I understand correctly, in step 4 of that manual I need the 'code' parameter, and I can access it inside the 'callback' controller. I have the default callback controller, created following the Devise and omniauth manuals. I just added the following lines to the controller:

    require 'open3'
    # Pass curl its arguments as an array so params[:code] is never parsed by a shell.
    token_call, _status = Open3.capture2('curl', '-X', 'POST', 'https://api.stocktwits.com/api/2/oauth/token', '-d', "client_id=#{APP_CONFIG['omniauth']['stocktwits']['key']}&client_secret=#{APP_CONFIG['omniauth']['stocktwits']['secret']}&code=#{params[:code]}&grant_type=authorization_code&redirect_uri=http://my.correct.redirect_url")
    logger.debug(token_call)
    
  3. ...and I always get this message in the logs:

    {"response":{"status":400},"error":"invalid_grant","errors":["code doesn't exist or has expired"],"error_description":"code doesn't exist or has expired"}
    

So please let me know: is that 'code' parameter THE SAME 'code' that is described in the authorization manual? Maybe you have some ideas why it could be incorrect, nonexistent or expired just after redirecting? Thanks!

jesseyoungmann Dec 7, 2012

Owner

Hi!
Please correct me if I seem to misunderstand you or this problem.

Omniauth-stocktwits implements an OAuth2 authentication strategy, and should be abstracting away the details of authentication, so you shouldn't have to ever manually follow the authentication steps you linked to, or send the code parameter.

Once you're inside the devise omniauth_callbacks_controller.rb, you should already have a valid access_token, which devise makes available through the auth hash request.env['omniauth.auth'] at request.env['omniauth.auth']['credentials']['token'].

In that controller you would usually then save the access_token and stocktwits user id (request.env['omniauth.auth']['uid']) in that user's model (or an associated model, if you have multiple ways of authenticating through omniauth), for logging in with in the future, as well as for using the access token to make API calls.

If you want to make API calls to StockTwits beyond just authenticating, I would suggest using OAuth2::AccessToken and the OAuth2 gem in general rather than using curl.
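
An added example, not code from this thread or from the omniauth-stocktwits gem: OAuth2 authorization codes are single-use (RFC 6749 section 4.1.2), and the OmniAuth OAuth2 strategy has already redeemed the code by the time the Devise callback action runs, so a second manual exchange of the same code is rejected. The code below models this with a toy in-memory server; `ToyAuthServer`, `strategy_callback` and `controller_action` are hypothetical names and all values are constructed.

```ruby
require 'securerandom'

# Toy in-memory authorization server (constructed for illustration; not
# StockTwits' implementation). Codes are single-use, per RFC 6749 section 4.1.2.
class ToyAuthServer
  def initialize
    @codes = {} # code => user id, removed on first redemption
  end

  # Authorization step: the user approves and is redirected with ?code=...
  def issue_code(uid)
    code = SecureRandom.hex(8)
    @codes[code] = uid
    code
  end

  # Token endpoint: redeem a code exactly once.
  def exchange(code)
    uid = @codes.delete(code)
    unless uid
      return { 'error' => 'invalid_grant',
               'error_description' => "code doesn't exist or has expired" }
    end
    { 'access_token' => SecureRandom.hex(16), 'uid' => uid }
  end
end

# What the OmniAuth strategy does in its callback phase, before the Devise
# controller action runs: redeem the code and build the auth hash.
def strategy_callback(server, params)
  token = server.exchange(params[:code])
  { 'uid' => token['uid'], 'credentials' => { 'token' => token['access_token'] } }
end

# Hypothetical controller body: read the token from the auth hash, then show
# what a second, manual exchange of the same code returns.
def controller_action(server, params, auth)
  { token: auth['credentials']['token'],
    uid: auth['uid'],
    manual_retry: server.exchange(params[:code]) }
end

def demo
  server = ToyAuthServer.new
  params = { code: server.issue_code('user-42') } # constructed sample values
  auth   = strategy_callback(server, params)
  controller_action(server, params, auth)
end

result = demo
puts result[:manual_retry]['error'] # invalid_grant
```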


vladimirbazhanov Jan 4, 2013

Hello!

Thank you for your help, your reply helped me find the reason for my problem. Yes, you were absolutely right, there was no need to run the auth steps manually, access_token is correct.

I found what was causing errors. Your gem works great, thank you!
