Issue with oauth2.0 access token


Hi there,

I am new to sage APIs, but I have worked with OAuth2.0 before. I keep getting the following error when requesting an access token: "The auth code you transmitted has an unexpected format".

Here is my request below:

import requests

url = 'https://oauth.accounting.sage.com/token'
# Form fields for the authorization-code exchange
payload = {'client_id': client_id,
           'client_secret': client_secret,
           'grant_type': 'authorization_code',
           'code': accesstoken,
           'redirect_uri': redirect_uri,
           'code_verifier': code_verifier
           }
files = []

headers = {
    'Content-Type': 'application/x-www-form-urlencoded'
}
response = requests.request("POST", url, headers=headers, data=payload)

This is the response I get:

{'$dataCode': 'DataParsingError',
 '$message': 'The auth code you transmitted has an unexpected format.',
 '$severity': 'error',
 '$source': 'Proxy'}

 


  • Administrators

Hi Norman,

Welcome to the community 🙂

The Accounting API uses OAUTH 2.0 with an authorization code grant type, which requires 2 stages to obtain a valid access token. 

The initial step is to make an authorization request to https://www.sageone.com/oauth2/auth/central?filter=apiv3.1

You must include with this request the 'client_id', the 'response_type' of 'code' and your 'redirect_url'.

It is this initial stage that prompts the user to authenticate with their Accounting credentials and authorize your app to access their business data. Once complete, they are redirected back to the specified callback URL along with an authorization code you require for the step you specified above.

Obtain the authorization code from the URL, and then you can specify it as the value of 'code' in the payload you included above (where you now have an 'accesstoken' variable).

This will provide you with a response, returning the access_token, refresh_token etc. 

We have a full guide on the steps required which can be found here: Authentication | Sage Developer

 

I hope this helps,

 

Ben


Hi Ben,

Yes I have already gained an authorization code successfully, and I passed it with the request for an access token. I got the code from the url that was returned from the successful sign in to sage. I am still getting an issue with the format of the code.

Thank you


  • Administrators

Hi Norman,

So in the payload here:

    payload = {'client_id': client_id,
               'client_secret': client_secret,
               'grant_type': 'authorization_code',
               'code': accesstoken,
               'redirect_uri': redirect_uri,
               'code_verifier': code_verifier
               }

You're passing the authorization code as the value of your 'accesstoken' variable? If so, what type is the accesstoken variable?

Ben


Hi Faycal, thank you for your question.

Sage Compta et Facturation is the French version of Sage Cloud Accounting and is compliant with API v3.1. The auth process is the same for this version as that mentioned in this thread previously.

Please let us know if you require any further support.

Thanks 

Mark


  • 3 months later...

Hi Mark,

I'm having a similar error:

I'm getting the authorization code, trading with the token code. Then, doing a get request with the token received before and getting the error below: 

 

[{'$severity': 'error', '$dataCode': 'BadRequest', '$message': 'Authorization header has incorrect format', '$source': ''}]

 

 

def contact():
    # Token stored in the session after the code exchange
    token_info = session.get('TOKEN_INFO')
    r = requests.get(url_query_business, headers={'Authorization': token_info})
    data = r.json()

    return render_template('Contact.html', data=data)
 

Any idea? I'm a little stuck here. Thanks

 

 

 

 


Hi Mark, sure!

It's python though:

 

def contact():
    # Token stored in the session after the code exchange
    token_info = session.get('TOKEN_INFO')
    r = requests.get(url_query_business, headers={'Authorization': token_info})
    data = r.json()
    return render_template('Contact.html', data=data)

url_query_business = 'https://api.accounting.sage.com/v3.1/businesses/lead'

 

## The header only includes the token. 

 

Thanks for any light you can share with me.

Thanks,

Leo

 

 


Hi Leo

Thanks for the request. Have you been able to use the access_token returned in POSTMAN to make the same request?

It appears that it is the format of the request that is incorrect. You'll need to ensure you're setting the authorization type as Bearer when sending the access_token in the header. 

Let me know how you get on.

Thanks

Mark


  • 2 weeks later...
On 12/2/2021 at 9:05 AM, Steel, Mark said:

Hi Leo

Thanks for the request. Have you been able to use the access_token returned in POSTMAN to make the same request?

It appears that it is the format of the request that is incorrect. You'll need to ensure you're setting the authorization type as Bearer when sending the access_token in the header. 

Let me know how you get on.

Thanks

Mark

Thanks Mark, was sending the token without the 'Bearer' before the Token. Thanks for your support. 

 

 


  • 5 weeks later...

Hi there,

I'm not sure whether "Norman Firkins" issue (first message) was resolved, but I'm facing the same issue. I've authorized my app to gain access and obtained the authorization code from the specified callback URL (an example code is shown below). 

This however results in an error saying "The auth code you transmitted has an unexpected format."

Not sure where I'm going wrong, can anyone help?

code = 'GB%2F20cc2677-d838-47e1-a197-e914679d0222'

r = requests.post(URL, headers = headers, data = {'grant_type': 'authorization_code', 
                                                  'client_id':client_id, 
                                                  'client_secret':client_secret,
                                                  'redirect_uri':redirect_uri,
                                                  'code':code})

 


Hi Daoud, thank you for your question.

I believe Norman was able to exchange the auth_code for an access_token after setting the header parameter Content-Type: application/x-www-form-urlencoded and ensuring the auth_code was preceded by the grant_type of Bearer.

Are you sending Content-Type: application/x-www-form-urlencoded as a header parameter and adding the grant_type "Bearer" to the code value (Bearer GB%2F20cc2677-d838-47e1-a197-e914679d0222)?

Thanks

Mark


  • 2 weeks later...

Hi, I have the exact same issue, when exchanging code for access token: 

https://oauth.accounting.sage.com/token

 

Content-type: application/x-www-form-urlencoded

Grant_type: 'authorization_code'

Access token from redirect URI: ?code=GB%2F89cf3e2b-4cf8-46e4-80e3-47828e6dd542&country=GB

I've already tried with, for the parameter "code": 

'89cf3e2b-4cf8-46e4-80e3-47828e6dd542'
'GB%2F89cf3e2b-4cf8-46e4-80e3-47828e6dd542'
'Bearer GB%2F89cf3e2b-4cf8-46e4-80e3-47828e6dd542'
'Bearer 89cf3e2b-4cf8-46e4-80e3-47828e6dd542'

 

But all return the following error: "The auth code you transmitted has an unexpected format."

I've also tried to URL Encode all parameters, still not working. Any ideas?

 

Edited by Joshua Press

Hi Joshua, thank you for your question.

Could you confirm the following please?

You're making a POST request to https://oauth.accounting.sage.com/token containing:
Header param of Content-type: application/x-www-form-urlencoded
And Body Params made up of:

  • client_id
  • client_secret
  • code
  • grant_type
  • redirect_uri

Have you been able to authenticate in a web client tool such as Postman?


1 hour ago, Steel, Mark said:

Hi Joshua, thank you for your question.

Could you confirm the following please?

You're making a POST request to https://oauth.accounting.sage.com/token containing:
Header param of Content-type: application/x-www-form-urlencoded
And Body Params made up of:

  • client_id
  • client_secret
  • code
  • grant_type
  • redirect_uri

Have you been able to authenticate in a web client tool such as Postman?

Hi Steel, Mark, thanks for your answer.

Yes. It is a POST request to: https://oauth.accounting.sage.com/token
Content-type: application/x-www-form-urlencoded
Body Params as you referred, yes. Tried both with params URL encoded and normal.

I'm using Postman, that's where I'm getting the error. I'm not really sure about what I could try more. 


Just fixed the problem. 

The problem was that I was using the code exactly as it came from the URL (encoded): GB%2Fxxxxxxxxxxxxxxx and that does not work. I've decoded the code, becoming something like: GB/xxxxxxxxxxxx and now it works.

An easy fix actually, but I've overlooked it. Since this seems to be an often asked question, I hope this may help someone save a few hours. 
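The fix described above, together with the earlier Bearer header point, as an added example that is not part of the original posts or of Sage's own code: it parses the callback URL so the code is percent-decoded exactly once, then shows how the form body looks on the wire for the decoded and the still-encoded value. The callback host `app.example`, the function names and the "no `%` left after decoding" check are assumptions; `urlencode` is the standard-library serialiser that `requests` applies to a dict passed as `data=`.

```python
from urllib.parse import urlsplit, parse_qs, urlencode

TOKEN_URL = 'https://oauth.accounting.sage.com/token'  # endpoint quoted in the thread

# Constructed callback URL: host is made up, query string is the one quoted in the thread.
CALLBACK = ('https://app.example/callback'
            '?code=GB%2F89cf3e2b-4cf8-46e4-80e3-47828e6dd542&country=GB')


def extract_auth_code(callback_url):
    """Return the 'code' query parameter, percent-decoded exactly once."""
    query = parse_qs(urlsplit(callback_url).query, strict_parsing=True)
    codes = query.get('code', [])
    if len(codes) != 1:
        raise ValueError('expected exactly one code parameter in the callback')
    code = codes[0]
    if '%' in code:
        # Assumption: a decoded code looks like 'GB/<uuid>' and never contains
        # '%', so a leftover escape means the value was encoded twice upstream.
        raise ValueError('code is still percent-encoded')
    return code


def token_form_body(code, client_id, client_secret, redirect_uri):
    """Serialise the token request as application/x-www-form-urlencoded."""
    return urlencode({
        'grant_type': 'authorization_code',
        'client_id': client_id,
        'client_secret': client_secret,
        'redirect_uri': redirect_uri,
        'code': code,
    })


def bearer_header(access_token):
    """Authorization header for API calls made after the exchange."""
    return {'Authorization': 'Bearer ' + access_token}


if __name__ == '__main__':
    redirect = 'https://app.example/callback'
    good = extract_auth_code(CALLBACK)               # 'GB/89cf...'
    raw = CALLBACK.split('code=')[1].split('&')[0]   # 'GB%2F89cf...' copied as-is
    # Decoded code is encoded once on the wire; the raw copy becomes %252F.
    print(token_form_body(good, 'CLIENT_ID', 'CLIENT_SECRET', redirect))
    print(token_form_body(raw, 'CLIENT_ID', 'CLIENT_SECRET', redirect))
```

Pasting the code from the browser address bar skips the decode step, so the HTTP client encodes the `%` again and the server receives `GB%2F...` instead of `GB/...`.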
