
OAuth 2.0 - Access Token Request - (401) Unauthorized

Solution Provider


I keep getting (401) Unauthorized from the server, and I'm not sure why. I'm using the code generated in the Authorization Response, and have copied and pasted in the other Key/Secret/URI info from my account.

 

Here's my code, any insight?

 

    HttpWebRequest httpWReq = (HttpWebRequest)WebRequest.Create("https://oauth2.constantcontact.com/oauth2/oauth/token?");

    ASCIIEncoding encoding = new ASCIIEncoding();
    string postData = "grant_type=authorization_code";
    postData += "&client_id=<API KEY>";
    postData += "&client_secret=<SECRET KEY>";
    postData += "&code=<CODE>";
    postData += "&redirect_uri=<REDIRECT URL>";

    byte[] data = encoding.GetBytes(postData);

    httpWReq.Method = "POST";
    httpWReq.ContentType = "application/x-www-form-urlencoded";
    httpWReq.ContentLength = data.Length;

    // Write data
    Stream postStream = httpWReq.GetRequestStream();
    postStream.Write(data, 0, data.Length);
    postStream.Close();

    // Send Request & Get Response
    HttpWebResponse response = null;
    response = (HttpWebResponse)httpWReq.GetResponse();

    using (StreamReader reader = new StreamReader(response.GetResponseStream()))
    {
        // Get the Response Stream
        string json = reader.ReadLine();
        Console.WriteLine(json);

        // Retrieve and Return the Access Token
        JavaScriptSerializer ser = new JavaScriptSerializer();
        Dictionary<string, object> x = (Dictionary<string, object>)ser.DeserializeObject(json);
        string accessToken = x["access_token"].ToString();
        Master.PostMessage(accessToken, LogMessageType.Information);
    }

Honored Contributor

Re: OAuth 2.0 - Access Token Request - (401) Unauthorized

Hello,

 

Based on what's being done in your code, the issue here is that you are trying to accomplish the entire OAuth process in one step where it is actually a two-step process on the server side. Here's a very basic breakdown:

 

1. Direct the user to https://oauth2.constantcontact.com/oauth2/oauth/siteowner/authorize and include parameters for the redirect URI, response type, and the API key. When the user reaches this page, they will be prompted to log in and then grant access to your application.

2. Once the user grants permission, they will be sent to your specified redirect URI with an additional parameter containing a code. Using that code, you need to make a request to https://oauth2.constantcontact.com/oauth2/oauth/token with the appropriate information.

 

One important thing to keep in mind is that your redirect URI must match exactly the redirect URI on your API key. The only exception to this is for parameters appended to the redirect URI.

 

You can read about this process in detail, along with the specific parameters for each request here: http://developer.constantcontact.com/docs/developer-guides/authentication.html

 

Sincerely,

Elijah G.

API Support Specialist

Elijah G.
API Support Engineer
Solution Provider

Re: OAuth 2.0 - Access Token Request - (401) Unauthorized

Thanks for the reply, but this is only the second half of my code.

I've been able to successfully redirect the user to grant access and generate the code. I just haven't been able to generate the token...

Moderator

Re: OAuth 2.0 - Access Token Request - (401) Unauthorized

I tested out a simple OAuth 2.0 sample app to see if I could reproduce and I wasn't able to.  Below is the code I used for parsing the code response on my redirect_uri page as well as exchanging it for an access_token.  Keep in mind, we also have a C# wrapper library you can use that does all this for you found here.

 

    String code = Request.QueryString["code"];
    StringBuilder tokenUri = new StringBuilder();
    tokenUri.Append(TokenUri);
    tokenUri.AppendFormat("?grant_type=authorization_code&client_id={0}&client_secret={1}&code={2}&redirect_uri={3}",
        ApiKey, ConsumerSecret, code, HttpUtility.UrlEncode(RedirectUri));

    String responseBody;
    try
    {
        HttpWebRequest request = (HttpWebRequest)HttpWebRequest.Create(tokenUri.ToString());
        request.Method = "POST";
        HttpWebResponse response = (HttpWebResponse)request.GetResponse();
        StreamReader responseStream = new StreamReader(response.GetResponseStream());
        responseBody = responseStream.ReadToEnd();
    }
    catch (WebException ex)
    {
        StreamReader responseStream = new StreamReader(ex.Response.GetResponseStream());
        responseBody = responseStream.ReadToEnd();
    }

    // code to parse JSON and store access_token should go here

 

Dave Berard
Senior Product Manager, Constant Contact
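
An added example, not code from this thread or from the Constant Contact SDK: it builds the parameters for both steps described in the replies above with each value percent-encoded, checks the redirect URI against the registered one, and produces a form of the token request that is safe to log. Assumptions: the authorize step uses the standard OAuth 2.0 parameter names response_type, client_id and redirect_uri; RedirectUriMatches is one reading of the "appended parameters" rule; all sample values are constructed.

```csharp
using System;
using System.Linq;

static class TokenRequestPreflight
{
    const string AuthorizeUri = "https://oauth2.constantcontact.com/oauth2/oauth/siteowner/authorize";

    // Step 1: the URL the user is sent to in order to grant access.
    public static string BuildAuthorizeUrl(string apiKey, string redirectUri) =>
        AuthorizeUri + "?" + Encode(("response_type", "code"), ("client_id", apiKey),
                                    ("redirect_uri", redirectUri));

    // Step 2: the parameters of the token request, every value percent-encoded.
    public static string BuildTokenParams(string apiKey, string secret, string code, string redirectUri) =>
        Encode(("grant_type", "authorization_code"), ("client_id", apiKey),
               ("client_secret", secret), ("code", code), ("redirect_uri", redirectUri));

    static string Encode(params (string Name, string Value)[] pairs) =>
        string.Join("&", pairs.Select(p => p.Name + "=" + Uri.EscapeDataString(p.Value)));

    // Assumed rule: exact (case-sensitive) match, except for parameters appended to the URI.
    public static bool RedirectUriMatches(string registered, string sent) =>
        sent == registered
        || sent.StartsWith(registered + "?", StringComparison.Ordinal)
        || sent.StartsWith(registered + "&", StringComparison.Ordinal);

    // Loggable form of a parameter string: the secret and the one-time code are masked.
    public static string Redact(string query) =>
        string.Join("&", query.Split('&').Select(pair =>
        {
            string name = pair.Split('=')[0];
            return name == "client_secret" || name == "code" ? name + "=***" : pair;
        }));

    static void Main()
    {
        // Constructed sample values, not real credentials.
        string registered = "https://app.example/callback";
        string sent = "https://app.example/callback?tenant=42";
        string tokenParams = BuildTokenParams("sample-key", "sample-secret", "abc+/=", sent);

        Console.WriteLine(BuildAuthorizeUrl("sample-key", sent));
        Console.WriteLine(Redact(tokenParams));
        Console.WriteLine(RedirectUriMatches(registered, sent));
        Console.WriteLine(RedirectUriMatches(registered, "https://app.example/callback/"));
    }
}
```

When debugging a 401, log the redacted string rather than the raw request, since the raw form carries the client secret and the authorization code.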
Solution Provider

Re: OAuth 2.0 - Access Token Request - (401) Unauthorized

Thanks for the reply.

 

I'm taking another look at this now. I'm using the SDK and have finished all my other integration; now I just need the OAuth to work.

 

I'm trying to use OAuth.GetAccessTokenByCode(HttpContext.Current, code); but all it returns is null.

 

Are you able to offer any insight?