I am VERY new to generating an OAUTH 2.0 token for use with accessing Constant Contact via ColdFusion 8.0, and am having one heck of a time.
Any guidance on how to generate a token? I have spent several hours going over the documentation and trying multiple options with no success. If I use CFHTTP, that fails. If I put the URL into the address bar of my browser, I get a login request, then upon entering my credentials, I get a JBOSS 404 error. I have confirmed that the redirect_uri is the same as the one I identified for use with my API key.
Thanks in advance for any tips you may have.
Does the 404 error happen just after entering your account credentials, or aftter you click "Allow Access?" I can't say for sure without knowing more, but it sounds as though after you enter account credentials and click to authorize, you may be getting redirected properly to your redirect uri, but the call being made to request exchange the authorization code that is returned as a GET parameters with that redirect is being made to an invalid url.
The flow should be:
1) You app redirects to our authorization url, where you login and click "allow access"
2) Our server redirects browser back to your redirect uri with GET parameters, including authorization code
3) Your app redirects back to our token url, passing the authorization code back (among other parameters)
4) Our server validates the request, generates the token, and POSTs back to your redirect uri.
So, it sounds like step 3 is where you're probably getting the JBOSS 404, and that probably indicates this redirect isn't correct.
It should be to: https://oauth2.constantcontact.com/oauth2/oauth/token? with parameters appended. Let me know if this helps.
I am not sure how this came out last April, but as I am trying to build an OAUTH2 authentication to replace a basic authentication, I don't seem to get past the first request to authorize:
after substituting the appropriate client values, I get redirected to a login page, enter name and password and then get a 404. There is no ability to Approve the Access. The redirect_uri is in fact identical to the page I am calling, and also identical to the registered request_uri in the API_KEY. I don't see another reason mentioned for this 404.
The next place to look would be...
It looks like you are replacing the word "siteowner" in the URL with a variable. That's part of the URL, not a dynamic value, so that would explain a 404 once you've authenticated. If you are still having issues after replacing that portion of the URL, we'd need some sensitive account information to troubleshoot, so please PM me or send an email to firstname.lastname@example.org.
That makes the difference. I don't know why I leapt to the conclusion that the string "siteowner" was a placeholder for the account name.