Azure Oauth2 Issue

Please show your OAuth2 Authorize step; I want to see the scopes and params.

Hmm, something does not look right. When you run the first part (which is working) to get the code, what does the URL look like? code=flkjsdhfjhgsdljkghlasdhagjh708597432089534hkjhdgfkj

Yes

It also has &state= and &session_state=.

OK, so let's try this: add a $_GET variable to your Action and just name it code.
In your Authorize step, change code_challenge to {{$_GET.code}}.

I get the following error from the Microsoft login page: “AADSTS9002325: Proof Key for Code Exchange is required for cross-origin authorization code redemption.”

Well, that sounds like a step in the right direction. Try this:
change {{$_GET.code}} to {{$_GET.code.urldecode()}}

You cannot use the data binding formatters for .urldecode() as yet; it is in the Wappler files but not yet working in ASP as far as I know, so they will not add it to the GUI until all platforms have the same options available.

Same error. From what I understand from the code auth flow documentation (which I attached in my original post), the code challenge needs to be sent to the authorization endpoint. I don’t think it’s something received from the auth endpoint and then sent to the token endpoint, which is what I’m gathering the $_GET.code variable is doing.
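For reference, here is the full PKCE sequence the post above describes, written as an added example (it is not code from this thread, from Wappler, or from Microsoft): the code_challenge is sent to the /authorize endpoint, the code comes back on the redirect together with state and session_state, and the code_verifier (not the challenge) goes to the /token endpoint with grant_type=authorization_code. The tenant, client_id and redirect URI are constructed placeholders; the login.microsoftonline.com v2.0 endpoint paths are the Microsoft identity platform's documented ones.

```python
"""PKCE for the OAuth2 authorization-code flow (RFC 7636) against the
Microsoft identity platform v2.0 endpoints.

code_challenge goes to /authorize; code_verifier goes to /token together
with the code returned on the redirect.
"""
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed placeholder values for this example; substitute your own app registration.
TENANT = "common"
CLIENT_ID = "00000000-0000-0000-0000-000000000000"
REDIRECT_URI = "https://www.example.com/api/oauth_login"
SCOPES = "openid profile offline_access"

AUTHORIZE_ENDPOINT = f"https://login.microsoftonline.com/{TENANT}/oauth2/v2.0/authorize"
TOKEN_ENDPOINT = f"https://login.microsoftonline.com/{TENANT}/oauth2/v2.0/token"


def b64url(raw: bytes) -> str:
    """Base64url without padding, the encoding RFC 7636 specifies."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def make_code_verifier() -> str:
    """Random high-entropy verifier; 32 bytes -> 43 chars, inside the 43..128 limit."""
    return b64url(secrets.token_bytes(32))


def make_code_challenge(verifier: str) -> str:
    """S256 challenge: base64url(SHA-256(verifier))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def build_authorize_url(verifier: str, state: str) -> str:
    """Step 1: redirect the browser here. Only the challenge is sent, never the verifier."""
    params = {
        "client_id": CLIENT_ID,
        "response_type": "code",
        "redirect_uri": REDIRECT_URI,
        "response_mode": "query",
        "scope": SCOPES,
        "state": state,
        "code_challenge": make_code_challenge(verifier),
        "code_challenge_method": "S256",
    }
    return AUTHORIZE_ENDPOINT + "?" + urlencode(params)


def parse_callback(callback_url: str, expected_state: str) -> str:
    """Step 2: read the redirect back to REDIRECT_URI and return the decoded code.

    parse_qs already URL-decodes the values, so no separate urldecode step is needed.
    The state check ties the callback to the session that started the flow.
    """
    qs = parse_qs(urlparse(callback_url).query)
    if "error" in qs:
        raise ValueError(f"authorization failed: {qs['error'][0]}")
    if qs.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: callback does not belong to this session")
    return qs["code"][0]


def build_token_request(code: str, verifier: str) -> dict:
    """Step 3: form body to POST to TOKEN_ENDPOINT. The verifier proves this client
    started the flow; redirect_uri must be identical to the one used in step 1."""
    return {
        "client_id": CLIENT_ID,
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,
        "code_verifier": verifier,
    }


if __name__ == "__main__":
    verifier = make_code_verifier()
    state = secrets.token_urlsafe(16)
    print("1. send user to:", build_authorize_url(verifier, state))
    # Constructed example of the redirect Microsoft sends back (the code value is fake).
    callback = f"{REDIRECT_URI}?code=constructed%2Ffake-code&state={state}&session_state=constructed"
    code = parse_callback(callback, state)
    print("2. code received:", code)
    print("3. POST to", TOKEN_ENDPOINT, build_token_request(code, verifier))
```

The verifier and the state value both live in the server-side session between step 1 and step 3; the AADSTS9002325 error in this thread is what the token endpoint returns when step 3 arrives without a code_verifier that matches the challenge from step 1.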

OK, let's try changing a few things in the OAuth2 Authorize step:
Change the param code_challenge to just say code
Add a new param called grant_type with a value of authorization_code

Okay. Quick question. When saving changes to the DO server, I’ve been re-deploying every time. Is this necessary, or can I save directly from wappler and it will make the changes in the DO server?

Should the grant_type be in the authorize step or in the provider as a parameter?

Sorry, you have to redeploy; you can't just save to the remote DO server. Make sure from time to time to do a docker system prune via the inbuilt Wappler SSH console.

In the Authorize Params area

I made those changes in the authorize step and I got the same Proof Key error. I think I need to add the code challenge back for the authorization endpoint?

Try it; maybe add it as another parameter, so you have:
code {{$_GET.code.urldecode()}}
redirect_uri https://www......
code_challenge {{var_code_challenge}}

If it is still not working, switch
code {{$_GET.code.urldecode()}} to code {{$_GET.code}}

Hmm, I just found something.


I will try that. If I can’t get that to work I need to move onto some other work at the moment. Got a tropical storm coming in and have some stuff I need to get done before possible loss of power for the next couple days!

If you could let me know your thought process, maybe I could do some troubleshooting on my own and let you know how that goes. The authorization provider and authorize action is kind of a black box to me, since in the docs it’s explained with just a straightforward Facebook example. I’m not sure how Wappler is making it function in a server action, so it’s hard for me to troubleshoot.

I saw that too, but I think by assigning a web redirect you are using implicit grant and not code auth flow. That is something I tried before as a solution and I came to the same problem I’m having now. I was having the same “Proof Key” issue before I created a code_challenge.

Well, in my head, from the moment we started getting the new error we actually had everything correct in the Wappler setup; you just need to adjust the Redirect URIs now in the Web section as that screenshot shows, and all should work.

Once it does, you can remove different parts of the scopes and params and see if it still works. Also make sure the Web Redirect URI points to the path of your actual script itself, https://www.domain.com/api/oauth_login; this should also be identical to the OAuth2 Authorize step's redirect_uri param, as they need to match up.

This setup, which I used and which works with another OAuth2 API, should be very similar to your needs.


Maybe take a screenshot of the Web and Single-page application area for me so I can just double-check it, lol; a second set of eyes never hurts.