New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Magento 2 - OAuth Problem = Consumer Key Has Expired #13961
Comments
Hello @itsabe. Thanks for reporting. Please confirm us that You have everything OK with those settings in Your Magento Backend: Stores->Configuration->Servises->OAuth->Consumer Settings section. |
@itsabe, then please confirm that Expiration period of 300 sec. for Consumer Settings was enough for You, so that Consumer key/secret You got while creating (activating) the integration was not yet expired when You sent /oauth/token/request. Thank You. |
@magento-engcom-team yes, it is enough. I even just created another integration, and send a POST to /oauth/token/request and got the same response of consumer key has expired. This was all done within 2 minutes. |
Also, I stumbled upon #12032 from back in Nov 2017, but have not seen any updates on it. |
@itsabe , thank you for your report. |
Is there any work around? Or am I unable to connect to the API? |
I found the source of my issue. Upon creating the integration and activating it, I get a consumer key, consumer secret, access token, and access token secret. So, technically, I can just skip the "Get Access Token" step of the authentication. I was able to successfully make API calls with the provided access token. If I created the integration with an Identity link URL, then the access token and access token secret is not supplied. And when I made a request to /oauth/token/request, I got the access token and secret as a response. If this was the intended process, then my apologies for misinterpreting the documentation. |
Hello guys, I have exactly the same issue on Magento 2.2.3. Many hours trying to understand what's wrong. |
@Lapinou42 Are you still experiencing the issue? When you create the integration and activate it through Magento backend, you can use the access token they provide you to make the API calls. |
Yes, I do. Actually, I want to create an integration to use with my Android / iOS application using OAuth1.0a. I want to generate an access token by user, so simply use Consumer Key, Consumer Secret, RequestTokenUrl and AccessTokenUrl should be enough to generate an access token. Maybe I'm wrong. I don't know. |
@Lapinou42 When you create the integration on Magento backend (System > Integrations), do you enter a Identity link URL? If you have that field filled in, then you should be able to get the access token by making a request to /oauth/token/request. |
@itsabe No. I didn't ! I'll try that and let you know if something wrong ;) Thank you :) |
@itsabe I tried with Identity link URL, still having same issue. Then I changed Store > Settings > Configuration > Services > OAuth > Consumer Settings > Expiration Period to 1000000000000 Now I am getting the result as |
@maniram1804 what if you unchecked the "Add empty parameters to signature" option? |
@itsabe still same result. |
Did already someone do some bisecting here? Is this an actual regression (did it work before?) or is it just with the new feature and it is not properly integrated in the code? |
is there any updates here? |
Nope. Stopped using Magento. |
I can confirm, we contributors can not close any issues or PRs anymore so we have to ping someone from the maintainer teams. |
I'm unable to reproduce this issue. There are two possible scenarios for using OAuth for Magento integrations. Access allowed resources by using generated keysNew integration can be created using the described steps. OAuth-based authentication - DevDocsThis approach requires to follow the instruction from DevDocs. Example demo script with OAuth client can be found here https://gist.github.com/paliarush/4c2bfa81ebef57305ba4 |
@lenaorobei I guess your the comment was for me? :) The issue was actually encountered by a colleague of mine from different SI (I am just a Messager here :)). @qsolutions-pl maybe you can give some more inputs for Lena? |
I'm currently debugging this on my end, 2.3.5 version, will send an update once I finish |
@lenaorobei @ihor-sviziev
So... basically I cannot replicate the issue today, even though yesterday it was clear :( In my humble opinion the documentation needs to be updated how From looks of it, yesterday (and reported problem on github) comes from not clear instructions
So here is (I belive so) the REAL issue with this:
after you "Authorize" it in backend, field updated_at in database remains empty I think Magento should not authorize an application without endpoints and without checks for callback, or a "self-authorization" needs to be fixed on code level to specify "updated_at" with right value. There is a second issue with this, but it is also related to wrong date calculations. I will get to it with more details once I double check. |
@lenaorobei seems the issue is still there and valid. More details were provided. Is there a chance you can check internally the situation? Thank you in advance! |
@qsolutions-pl @PiotrSiejczuk |
DevDocs updated with examples on when to use different authorization methods: https://devdocs.magento.com/guides/v2.3/get-started/authentication/gs-authentication.html#web-api-clients-and-authentication-methods |
This is still present in Magento 2.3.5 and Magento 2.3.6. More than 2.5 years of a known bug and it isn't fixed. If you enter a space into the "callback URL" field, this error will go away. The issue is having a NULL value in the oauth_consumer.callback_url column. |
Hi @lylesback2, |
Seems this issue is present in 2.4 as well. |
Hi @ringwood-dsg, According to #13961 (comment) the issue was already solved by updating the docs: |
You are likely generating the key/secret and using that to try and authorize. The flow of Magento is different from other marketplaces. Under the store admin > System > Integrations > Add New Authorization The identify URI will be called next, use the credentials you captured to send a request to store_url.com/oauth/token/request Hope this helps. Let me know if you want me to provide PHP example code. |
Thank you for clearing this up for me. I find your explanation regarding the sequence of events a lot helpful than the official manual, to be quite honest. We're integrating our .NET application with Magento, but what I am unsure of is the parameters being passed to the Callback URL? I see the manual references it like this:
Am I correct in saying that when our callback URL is being called, that the parameters will be named exactly as they are referenced above? |
Yes, those variables will be posted exactly as that to the callback link. |
Thank you so much for taking the time to assist me here. I'll continue on from here and get our integration completed using your instructions. You are definitely the Magento King and my hero! |
can u please gie me a clear example? i have the same issue and i can not resolve it |
I tried creating Integration with the Identity link, it still creates access token and token secret on activation. and before activation if I try to hit /oauth/token/request, it throws Consumer+key+expired, how to fix this issue, please help. |
Look at my comment here: #13961 (comment) |
It's been almost 6 years since this was created, it's been marked as closed even though the issue was never actually resolved. The lack of care Magento have for their codebase is second to none. I'd normally be happy to try and help fix things like this, but if you can't be bothered after 6 years, why should I. |
Preconditions
Steps to reproduce
/oauth/token/request
Expected result
Actual result
I tried it with two different integrations, both are activated, and both return the same response of "consumer key has expired"
The text was updated successfully, but these errors were encountered: