Community Home
Resources
Events & Webinars
Learn
Groups
Product Ideas

Stuck with Oauth2 V3 API

JamesC400
Rookie
‎04-14-2020 07:30 PM
0 Votes
‎04-14-2020 07:30 PM

Using Rails and Oauth2, I am running into an error that says: "{"error_description":"Invalid client or client credentials","error":"invalid_client"}"

 

What is strange that I'm able to generate the initial URL:

https://idfed.constantcontact.com/as//authorization.oauth2?pfidpadapterid=ctctOAuth2IdpAdapter&scope...

 

Takes me to the "XXX is requesting permission for the following: etc..." I see the name of the APP I created which leads me to think that the client id I am passing is correct.

 

I created my own strategy based off this:

https://github.com/omniauth/omniauth-oauth2

 

I specified the following:

 

option :client_options, {
site: 'https://api.cc.email/v3/',
token_url: 'https://idfed.constantcontact.com/as/token.oauth2',
authorize_url: 'https://api.cc.email/v3/idfed',
grant_type: "authorization_code"
}

Any ideas on where to look? 

 

5 REPLIES 5
Jimmy_D
Employee
Employee
‎04-15-2020 01:51 PM
0 Votes
‎04-15-2020 01:51 PM

Hello @JamesC400,

 

Thank you for reaching out to Constant Contact's API Support.

 

That error means one of two things. Either the API Key you are using in invalid; which doesn't seem likely since you are able to generate your authorization code, or the authorization header you are using was not generated correctly.

 

In Steps 4 and 5 of the oAuth flow you need to include an authorization header that uses a Basic token and the way you generate that is by putting your api_key and client_secret together separated by a : (colon). Then base64 encoding that.

 

Here is an example of how the header would look if I were to be submitting a cURL command and encoded api_key:client_secret.

 

header 'Authorization: Basic YXBpX2tleTpjbGllbnRfc2VjcmV0'

Regards,
Jimmy D.
Tier II API Support Engineer
JamesC400
Rookie
‎04-18-2020 01:50 PM
In response to Jimmy_D
0 Votes
‎04-18-2020 01:50 PM

Hi,

Thanks for the response! You led me in the right direction. Turns out there was a typo while constructing the Authorization header on my end. 

 

thanks a lot!

WillH772
Rookie
‎08-21-2020 12:47 PM
In response to Jimmy_D
0 Votes
‎08-21-2020 12:47 PM

I have built an integration that was refreshing tokens every 30 minutes for 2 months, then yesterday it stopped working.

 

I get the same message: 

        "response": {
            "error_description": "Invalid client or client credentials",
            "error": "invalid_client"
        }

 

In the code, I am setting the Authorization header:

'Authorization: Basic ' . base64_encode($request['api_key'] . ':' . $request['secret'])

 

When I check the API key in the API Reference it works. Also, I have triple checked the API Key and Secret. I am able to complete steps 1-4 of the workflow: https://v3.developer.constantcontact.com/api_guide/server_flow.html

 

But step 5 is breaking... not sure what could be wrong.

Jimmy_D
Employee
Employee
‎08-24-2020 06:24 PM
In response to WillH772
0 Votes
‎08-24-2020 06:24 PM

Hi @WillH772,

 

I'm happy to check in to this, but in order to do that I would need some information that is best kept private. I would suggest to email us at webservices(at)constantcontact.com and provide your API Key, Client Secret, and Redirect URI, so I can try to replicate.


Regards,
Jimmy D.
Tier II API Support Engineer
WillH772
Rookie
‎08-25-2020 11:24 AM
In response to Jimmy_D
0 Votes
‎08-25-2020 11:24 AM

Hello, I sent an email last Friday morning and have not received a response.

Resources
Developer Portal

View API documentation, code samples, get your API key.

Visit Page