I am writing a WordPress plugin and I am in need of some help. I use the link https://oauth2.constantcontact.com/oauth2/callback.htm?client_id=<API_KEY> to generate a page so that the client can log in to authorize the plugin. If I am already logged in then it works fine. If I am not logged in then it just shows a blank page. Any suggestions will help. Please.
My aim is to get the client to get their access token and paste it back into the plugin. Or is there a better way? Please help.
To address this specific issue, the best method is to implement a full OAuth flow using a redirect URI so you can capture the access token automatically for the plugin. One important note with this process is that it does require a single page to be hosted independent of the plugin to function as a common redirect URI.
To explain the above requirement, this is the case because our OAuth flow requires a redirect URI to be specified on the API key, and that redirect must be used for any integrations on that API key. This flow can be used to integrate plugins that are hosted on multiple domains by taking advantage of being able to add parameters to the OAuth requests that are then passed on to the redirect URI.
By doing this, you can create a page that will accept these redirects from the OAuth flow, and then use a parameter on that flow to redirect to the individual WordPress site that is hosting the plugin. Once the information is redirected to the individual WordPress site, that site can fetch the access token from Constant Contact directly and store it within the plugin configuration for later use.
There is an alternative method that is simpler to implement, but comes with a notable risk. This method involves using the same method that you are now, but using a Constant Contact Login URL that will redirect to the authorization page. The significant risk involved here is that there are no guarantees that we will not make changes to our login flow, which would break this method. This is especially important because changes to this implementation of the OAuth flow are not something that our developers would be notified of, because they do not change the implementation of the standard OAuth flow.
Having covered the risks involved, you can implement your original method by using this URL: https://login.constantcontact.com/login/login.sdo?goto=https%3A%2F%2Foauth2.constantcontact.com%2Foauth2%2Fcallback.htm%3Fclient_id%3D<API_KEY>
If you do have any questions for me, please feel free to reach out and I will be happy to answer them!
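The common redirect page described in the answer above forwards OAuth values to whichever site a request parameter names, so it has to check that parameter before redirecting. The sketch below is an added example, not code from Constant Contact or from the original posts; the `site` parameter name, the host list and the callback path are assumptions, as is the OAuth values arriving as query parameters.

```php
<?php
// Added example: relay page hosted at the common redirect URI.
// Assumptions: the plugin adds a hypothetical "site" parameter to its OAuth
// request, and the relay operator keeps a list of hosts running the plugin.

const ALLOWED_HOSTS = ['blog.example.com', 'shop.example.org']; // constructed sample values
const CALLBACK_PATH = '/wp-admin/admin.php';                    // hypothetical callback page

/**
 * Return the URL to forward to, or null when the request must be rejected.
 */
function relay_target(array $query, array $allowedHosts): ?string
{
    $site = $query['site'] ?? '';
    if (!is_string($site) || $site === '') {
        return null;
    }
    $parts = parse_url($site);
    if ($parts === false || ($parts['scheme'] ?? '') !== 'https') {
        return null; // never forward OAuth values over plain HTTP
    }
    // Userinfo or an explicit port can disguise the real destination.
    if (isset($parts['user']) || isset($parts['pass']) || isset($parts['port'])) {
        return null;
    }
    $host = strtolower($parts['host'] ?? '');
    if (!in_array($host, $allowedHosts, true)) {
        return null; // unknown host: forwarding would make this an open redirect
    }
    // Forward the remaining parameters to a fixed path; any path in "site" is ignored.
    unset($query['site']);
    $query['page'] = 'cc-plugin-callback'; // hypothetical admin page slug
    return 'https://' . $host . CALLBACK_PATH . '?' . http_build_query($query);
}

if (PHP_SAPI !== 'cli') {
    $target = relay_target($_GET, ALLOWED_HOSTS);
    if ($target === null) {
        http_response_code(400);
        exit('Unknown plugin site.');
    }
    header('Cache-Control: no-store');        // keep OAuth values out of caches
    header('Referrer-Policy: no-referrer');   // and out of Referer headers
    header('Location: ' . $target, true, 302);
    exit;
}
```

Rebuilding the destination from the validated host and a fixed path, rather than echoing the supplied URL, keeps the values from being sent anywhere other than a registered site's callback page.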