Issue with oauth2.0 access token

[Norman Firkins]

Hi there,

I am new to sage APIs, but I have worked with OAuth2.0 before. I keep getting the following error when requesting an access token: "The auth code you transmitted has an unexpected format".

Here is my request below:

url = 'https://oauth.accounting.sage.com/token'
    payload = {'client_id': client_id,
               'client_secret': client_secret,
               'grant_type': 'authorization_code',
               'code': accesstoken,
               'redirect_uri': redirect_uri,
               'code_verifier': code_verifier
               }
    files = []

    headers = {
        'Content-Type': 'application/x-www-form-urlencoded'
    }
    response = requests.request("POST", url, headers=headers, data=payload)

This is the response I get:

{'$dataCode': 'DataParsingError',
 '$message': 'The auth code you transmitted has an unexpected format.',
 '$severity': 'error',
 '$source': 'Proxy'}

 

[Ben Smith]

Hi Norman,

Welcome to the community 🙂

The Accounting API uses OAUTH 2.0 with an authorization code grant type, which requires 2 stages to obtain a valid access token. 

The initial step is to make an authorization request to https://www.sageone.com/oauth2/auth/central?filter=apiv3.1

You must include with this request the 'client_id', the 'response_type' of 'code' and your 'redirect_url'.

It is this initial stage that prompts the user to authenticate with their Accounting credentials and authorize your app to access their business data. Once complete, they are redirected back to the specified callback URL along with an authorization code you require for the step you specified above.

Obtain the authorization code from the URL, and then you can specify it as the value of 'code' in the payload you included above (where you now have an 'accesstoken' variable).

This will provide you with a response, returning the access_token, refresh_token etc. 

We have a full guide on the steps required which can be found here: Authentication | Sage Developer

 

I hope this helps,

 

Ben

[Norman Firkins]

Hi Ben,

Yes I have already gained an authorization code successfully, and I passed it with the request for an access token. I got the code from the url that was returned from the successful sign in to sage. I am still getting an issue with the format of the code.

Thank you

[Ben Smith]

Hi Norman,

So in the payload here:

    payload = {'client_id': client_id,
               'client_secret': client_secret,
               'grant_type': 'authorization_code',
               'code': accesstoken,
               'redirect_uri': redirect_uri,
               'code_verifier': code_verifier
               }

You're passing the authorization code as the value of your 'accesstoken' variable? If so, what type is the accesstoken variable?

Ben

[Faycal Guemara]

Hello,

I am using Sage Compta et Facturation, the french version of SageOne.

Is it the same process to obtain a token ?

Thanks in advance for your help !

[Steel, Mark]

Hi Faycal, thank you for your question.

Sage Compta et Facturation is the French version of Sage Cloud Accounting and is compliant with API v3.1. The auth process is the same for this version as that mentioned in this thread previously.

Please let us know if you require any further support.

Thanks 

Mark

[Customer Centric]

Hi Mark,

                    I'm having similar error:

I'm getting the authorization code, trading with the token code. Then, doing a get request with the token received before and getting the error below: 

 

[{'$severity': 'error', '$dataCode': 'BadRequest', '$message': 'Authorization header has incorrect format', '$source': ''}]

 

 

def contact():
                        
              token_info = session.get('TOKEN_INFO')
              r = requests.get(url_query_business, headers= {'Authorization': token_info})
              data = r.json()
                       

                     return render_template('Contact.html', data=data) 
 

Any idea? I'm a little stuck here. Thanks

 

 

 

 

[Steel, Mark]

HI, apologies I missed your question.

If you can post the request including the headers you are making I'll take a look. Make sure you don't share any of your developer credentials, client_id, client_secret etc.

Thanks

Mark 

[Customer Centric]

Hi Mark, sure!

It's python though:

 

def contact():
              token_info = session.get('TOKEN_INFO')
              r = requests.get(url_query_business, headers= {'Authorization': token_info})
              data = r.json()
                    return render_template('Contact.html', data=data) 

url_query_business = 'https://api.accounting.sage.com/v3.1/businesses/lead'

 

## The header only includes the token. 

 

Thanks for any light you can share with me.

Thanks,

Leo

 

 

[Steel, Mark]

Hi Leo

Thanks for the request. Have you been able to use the access_token returned in POSTMAN to make the same request?

It appears that it is the format of the request that is incorrect. You'll need to ensure you're setting the authorization type as Bearer when sending the access_token in the header. 

Let me know how you get on.

Thanks

Mark

[Customer Centric]

On 12/2/2021 at 9:05 AM, Steel, Mark said:

Hi Leo

Thanks for the request. Have you been able to use the access_token returned in POSTMAN to make the same request?

It appears that it is the format of the request that is incorrect. You'll need to ensure you're setting the authorization type as Bearer when sending the access_token in the header. 

Let me know how you get on.

Thanks

Mark

Thanks Mark, was sending the token without the 'Bearer' before the Token. Thanks for your support. 

 

 

[Daoud Hadi]

Hi there,

I'm not sure whether "Norman Firkins" issue (first message) was resolved, but I'm facing the same issue. I've authorized my app to gain access and obtained the authorization code from the specified callback URL (an example code is shown below). 

This however results in an error saying "The auth code you transmitted has an unexpected format."

Not sure where Im going wrong, can anyone help?

code = 'GB%2F20cc2677-d838-47e1-a197-e914679d0222'

r = requests.post(URL, headers = headers, data = {'grant_type': 'authorization_code', 
                                                  'client_id':client_id, 
                                                  'client_secret':client_secret,
                                                  'redirect_uri':redirect_uri,
                                                  'code':code})

 

[Steel, Mark]

Hi Daoud, thank you for your question.

I believe Norman was able to exchange the auth_code for an access_token after setting the header parameter Content-Type: application/x-www-form-urlencoded and ensuring the auth_code was proceeded with the grant_type of Bearer.

Are you sending Content-Type: application/x-www-form-urlencoded as a header parameter and adding the grant_type "Bearer" to the code value(Bearer GB%2F20cc2677-d838-47e1-a197-e914679d0222)?

Thanks

Mark

[Joshua Press]

Hi, I have the exact same issue, when exchanging code for access token: 

https://oauth.accounting.sage.com/token

 

Content-type: application/x-www-form-urlencoded

Grant_type: 'authorization_code'

Access token from redirect URI: ?code=GB%2F89cf3e2b-4cf8-46e4-80e3-47828e6dd542&country=GB

I've already tried with, for the parameter "code": 

'89cf3e2b-4cf8-46e4-80e3-47828e6dd542'
'GB%2F89cf3e2b-4cf8-46e4-80e3-47828e6dd542'
'Bearer GB%2F89cf3e2b-4cf8-46e4-80e3-47828e6dd542'
'Bearer 89cf3e2b-4cf8-46e4-80e3-47828e6dd542'

 

But all return the following error: "The auth code you transmitted has an unexpected format."

I've also tried to URL Encode all parameters, still not working. Any ideas?

 

Edited January 24, 2022 by Joshua Press

[Steel, Mark]

Hi Joshua, thank you for your question.

Could you confirm the following please?

You're making a POST request to https://oauth.accounting.sage.com/token containing:
Header param of Content-type: application/x-www-form-urlencoded
And Body Params made up of:

• client_id
• client_secret
• code
• grant_type
• redirect_uri

Have you been able to authenticate in a web client tool such as Postman?

[Joshua Press]

1 hour ago, Steel, Mark said:

Hi Joshua, thank you for your question.

Could you confirm the following please?

You're making a POST request to https://oauth.accounting.sage.com/token containing:
Header param of Content-type: application/x-www-form-urlencoded
And Body Params made up of:

• client_id
• client_secret
• code
• grant_type
• redirect_uri

Have you been able to authenticate in a web client tool such as Postman?

Hi Steel, Mark, thanks for your answer.

Yes. It is a POST request to: https://oauth.accounting.sage.com/token
Content-type: application/x-www-form-urlencoded
Body Params as your refered, yes. Tried both with params URL encoded and normal. 

I'm using Postman, that's where I'm getting the error. I'm not really sure about what I could try more. 

[Joshua Press]

Just fixed the problem. 

The problem was that I was using the code exactly as it came from the URL (encoded): GB%2Fxxxxxxxxxxxxxxx and that does not work. I've decoded the code, becoming something like: GB/xxxxxxxxxxxx and now it works.

An easy fix actually, but I've overlooked it. Since this seems to be an often asked question, I hope this may help someone save a few hours. 

[Steel, Mark]

Thanks Joshua

We'll update the docs to highlight this also. 

Mark

[dx change]

Hi ,

{'$dataCode': 'DataParsingError',
 '$message': 'The auth code you transmitted has an unexpected format.',
 '$severity': 'error',
 '$source': 'Proxy'}

 

if any one getting this error ?

Sol:-
you need to decode the code before using for token request.below link is useful for decode the code.

https://meyerweb.com/eric/tools/dencoder/

[Team Paul]

Hi,

{"$severity":"error","$dataCode":"DataParsingError","$message":"The data you sent could not be processed.","$source":"Proxy"}
I am getting this error

[Steel, Mark]

Hi - this message is generally returned during the exchange of the auth_code for the tokens.

It is usually because you have not correctly URL encoded the body params you're passing. 

[Andrew Lockwood]

On 1/25/2022 at 10:51 AM, Joshua Press said:

Just fixed the problem. 

The problem was that I was using the code exactly as it came from the URL (encoded): GB%2Fxxxxxxxxxxxxxxx and that does not work. I've decoded the code, becoming something like: GB/xxxxxxxxxxxx and now it works.

An easy fix actually, but I've overlooked it. Since this seems to be an often asked question, I hope this may help someone save a few hours. 

Thanks!!!  It is a pity the official documentation cannot include such a simple, but critical bit of information.