Callback URL for non web applications #31

wilbarclay opened this issue Mar 23, 2017 · 10 comments

@wilbarclay

Is it possible for the callback URL to be a web page hosted with the nopCommerce website that displays the authorization code?

This is how our application works with the Xero API: https://developer.xero.com/documentation/auth-and-limits/public-applications

  1. Request Authorization Code
  2. Issue authorisation URL
  3. Open URL which displays Authorization Code
  4. User copies authorization code into client
  5. Send request with authorization code
  6. Grant Access

Or, instead of steps 1, 2 and 3:
Open Request Authorization Code URL: https://nopsite.com/oauth/authorize?client_id=xxx&client_secret=xxx

@wilbarclay
Author

@poyker can you give any update on this? If it is a no, that is fine; I will have to use another solution. Thank you.

@bnoffer
Contributor

bnoffer commented Apr 10, 2017

Here is a code snippet using RestSharp that does the job:

```csharp
// Requires: using System.Collections.Generic; using System.Web;
//           using Newtonsoft.Json; using RestSharp;
string url = "https://www.yourstore.com";
string client_id = "client_id";
string client_secret = "client_secret";

// Request the authorization code. RestSharp follows the redirect to the
// callback URL, so the code ends up in the query string of ResponseUri.
var restclient = new RestClient(url);
RestRequest request = new RestRequest("/oauth/authorize") { Method = Method.GET };
request.AddHeader("Accept", "application/json");
request.AddHeader("Content-Type", "application/x-www-form-urlencoded");
request.AddParameter("client_id", client_id);
request.AddParameter("response_type", "code");
var tResponse = restclient.Execute(request);
// Parse the query string instead of stripping "?code=", which breaks
// as soon as the redirect carries any other parameter.
var code = HttpUtility.ParseQueryString(tResponse.ResponseUri.Query)["code"];

// Exchange the authorization code for an access token.
request = new RestRequest("/api/token") { Method = Method.POST };
request.AddHeader("Accept", "application/json");
request.AddHeader("Content-Type", "application/x-www-form-urlencoded");
request.AddParameter("client_id", client_id);
request.AddParameter("client_secret", client_secret);
request.AddParameter("code", code);
request.AddParameter("grant_type", "authorization_code");
tResponse = restclient.Execute(request);
var responseJson = tResponse.Content;
var token = JsonConvert.DeserializeObject<Dictionary<string, object>>(responseJson)["access_token"].ToString();
```

In order for this to work you have to configure the Callback URL to be your store's URL; in the example it is: https://www.yourstore.com

@wilbarclay
Author

Thank you @bnoffer, that is perfect.

I am having trouble with the second request though :(

nopapierror

@bnoffer
Contributor

bnoffer commented Apr 11, 2017

Hi @wilbarclay,

  1. check if your credentials are correct (client_id & client_secret)
  2. check if the first request provided you with the code (should be a GUID)

If the issue still persists, try uninstalling and reinstalling the API Plugin. That solved an issue for me.

I attached my current ApiClient class for further reference.
ApiClient.cs.zip

The AuthorizeClient method works just fine on my install now, same goes for the GET method. The Post and Put are currently work in progress.
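
An added example (not part of bnoffer's post or of the plugin's code) of the check in step 2 above, applied to the `ResponseUri` that the earlier RestSharp snippet reads the code from. The class name, method name and sample URLs are hypothetical; it assumes the callback URL is the store root and, as stated in this thread, that a valid code is a GUID.

```csharp
using System;
using System.Web; // HttpUtility.ParseQueryString (System.Web.dll on .NET Framework)

public static class CallbackCheck // hypothetical helper, not part of the plugin
{
    // Returns true and sets 'code' only when the final redirect landed on the
    // configured callback URL and carries a well-formed authorization code.
    public static bool TryGetCode(Uri responseUri, Uri callback, out string code, out string reason)
    {
        code = null;
        if (responseUri == null)
        { reason = "no response URI (request failed before any redirect)"; return false; }
        // The code must arrive at the callback registered for the client, not at
        // a login or error page that the request was redirected to instead.
        if (Uri.Compare(responseUri, callback, UriComponents.SchemeAndServer | UriComponents.Path,
                        UriFormat.Unescaped, StringComparison.OrdinalIgnoreCase) != 0)
        { reason = "redirected to " + responseUri.GetLeftPart(UriPartial.Path); return false; }

        var query = HttpUtility.ParseQueryString(responseUri.Query);
        if (query["error"] != null)
        { reason = "authorization server returned error=" + query["error"]; return false; }
        // Assumption taken from the thread: a valid code is a GUID.
        Guid parsed;
        if (!Guid.TryParse(query["code"], out parsed))
        { reason = "missing or malformed code parameter"; return false; }

        code = query["code"];
        reason = null;
        return true;
    }

    public static void Main()
    {
        var callback = new Uri("https://www.yourstore.com/");
        // Constructed sample redirect targets, not captured from a real store.
        string[] samples = {
            "https://www.yourstore.com/?code=3f2b8c1e-9d4a-4c7b-8e21-5a6f0b9d7c33&state=abc",
            "https://www.yourstore.com/?error=access_denied",
            "https://www.yourstore.com/login?ReturnUrl=%2Foauth%2Fauthorize",
            "https://www.yourstore.com/?code=not-a-guid"
        };
        foreach (var s in samples)
        {
            string code, reason;
            bool ok = TryGetCode(new Uri(s), callback, out code, out reason);
            Console.WriteLine(ok ? "code: " + code : "rejected: " + reason);
        }
    }
}
```

Only the first sample yields a code. Logging the rejection reason before calling `/api/token` separates a failed authorization step from a failed token exchange.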

@wilbarclay
Author

Yes the first request works and passes back the GUID code.

I will try reinstalling tomorrow, thank you.

@wilbarclay
Author

Hi @bnoffer

Reinstalling didn't fix it; it passes back the code, but I am getting the same error on the token request.

I am using nop 3.80

@bnoffer
Contributor

bnoffer commented Apr 12, 2017

I am using 3.80 as well.

The error that your screenshot displays normally happens if something went wrong handling the request on the Nop side. I had this happen at the first stage with the OAuth path, which was not registered properly; that was fixed by the reinstall.

Please check your Admin area > System > Warnings and System > Log for more information on the error.

@lculjak

lculjak commented Aug 23, 2017

I am using the code snippet with RestSharp. It is working perfectly, but is it possible that after some time inactive I get a /oauth/authorize response of BadRequest 'Bad Request'?

If I deploy the website, the error is fixed, but then it is back.

@darcyreimer

In the ClientService class, include support for the ClientCredentials grant type (in the InsertClient() method):

```csharp
new ClientGrantType() { Client = client, GrantType = OidcConstants.GrantTypes.ClientCredentials }
```

You can then use the method described at the bottom of the Protecting an API using Client Credentials document to access the API:

```csharp
// Runs inside an async method. Requires: using System; using System.Net.Http;
//   using IdentityModel.Client; using Newtonsoft.Json.Linq;

// discover endpoints from metadata
// (HTTPS: the client secret and the bearer token travel over this connection)
var disco = await DiscoveryClient.GetAsync("https://nopcommerceservername:portnumber");

if (disco.IsError)
{
    Console.WriteLine(disco.Error);
    return;
}

// request token
var tokenClient = new TokenClient(disco.TokenEndpoint, "<<client ID>>", "<<client secret>>");
var tokenResponse = await tokenClient.RequestClientCredentialsAsync("nop_api");

if (tokenResponse.IsError)
{
    Console.WriteLine(tokenResponse.Error);
    return;
}

Console.WriteLine(tokenResponse.Json);

// call api
var client = new HttpClient();
client.SetBearerToken(tokenResponse.AccessToken);

var response = await client.GetAsync("https://nopcommerceservername:portnumber/api/customers");
if (!response.IsSuccessStatusCode)
{
    Console.WriteLine(response.StatusCode);
}
else
{
    var content = await response.Content.ReadAsStringAsync();
    Console.WriteLine(JArray.Parse(content));
}
```

@divyang-desai

@bnoffer, any update for nopCommerce 4.0? When I add the above code snippets in 4.0, the nopCommerce store stops running.
