Stuck with Oauth2 V3 API

JamesC400 · ‎04-14-2020

Using Rails and Oauth2, I am running into an error that says: "{"error_description":"Invalid client or client credentials","error":"invalid_client"}"

What is strange that I'm able to generate the initial URL:

https://idfed.constantcontact.com/as//authorization.oauth2?pfidpadapterid=ctctOAuth2IdpAdapter&scope...

Takes me to the "XXX is requesting permission for the following: etc..." I see the name of the APP I created which leads me to think that the client id I am passing is correct.

I created my own strategy based off this:

https://github.com/omniauth/omniauth-oauth2

I specified the following:

option :client_options, {
site: 'https://api.cc.email/v3/',
token_url: 'https://idfed.constantcontact.com/as/token.oauth2',
authorize_url: 'https://api.cc.email/v3/idfed',
grant_type: "authorization_code"
}

Any ideas on where to look?

Jimmy_D · ‎04-15-2020

Hello @JamesC400,

Thank you for reaching out to Constant Contact's API Support.

That error means one of two things. Either the API Key you are using in invalid; which doesn't seem likely since you are able to generate your authorization code, or the authorization header you are using was not generated correctly.

In Steps 4 and 5 of the oAuth flow you need to include an authorization header that uses a Basic token and the way you generate that is by putting your api_key and client_secret together separated by a : (colon). Then base64 encoding that.

Here is an example of how the header would look if I were to be submitting a cURL command and encoded api_key:client_secret.

header 'Authorization: Basic YXBpX2tleTpjbGllbnRfc2VjcmV0'

Regards,
Jimmy D.
Tier II API Support Engineer

JamesC400 · ‎04-18-2020

Hi,

Thanks for the response! You led me in the right direction. Turns out there was a typo while constructing the Authorization header on my end.

thanks a lot!

WillH772 · ‎08-21-2020

I have built an integration that was refreshing tokens every 30 minutes for 2 months, then yesterday it stopped working.

I get the same message:

        "response": {
            "error_description": "Invalid client or client credentials",
            "error": "invalid_client"
        }

In the code, I am setting the Authorization header:

'Authorization: Basic ' . base64_encode($request['api_key'] . ':' . $request['secret'])

When I check the API key in the API Reference it works. Also, I have triple checked the API Key and Secret. I am able to complete steps 1-4 of the workflow: https://v3.developer.constantcontact.com/api_guide/server_flow.html

But step 5 is breaking... not sure what could be wrong.

Jimmy_D · ‎08-24-2020

Hi @WillH772,

I'm happy to check in to this, but in order to do that I would need some information that is best kept private. I would suggest to email us at webservices(at)constantcontact.com and provide your API Key, Client Secret, and Redirect URI, so I can try to replicate.

Regards,
Jimmy D.
Tier II API Support Engineer

WillH772 · ‎08-25-2020

Hello, I sent an email last Friday morning and have not received a response.

Stuck with Oauth2 V3 API

Stuck with Oauth2 V3 API

Developer Portal

Three Reasons Why You Should Use Email Marketing Year Round