I've seen many posts from people attempting to perform oAuth 2.0 using non web enabled applications, such as C# and VB.Net. It's extremely disappointing to read on your website your position that you've chosen to abandon these users by not providing any sdk’s or really, any relevant support whatsoever, to people writing non-web enabled apps.
From my standpoint I've found a solution to the whole oAuth 2.0/non-web enabled app quandary. It cost me some coin in having to purchase a 3rd party web control (the one in Visual Studio doesn't work) that could be placed on a form and have the oAuth code returned and captured in a received headers event, but at least it's a solution. (i.e. Essential Objects eo.webbrowser)
I'm obviously new to your 3.0 API (we are upgrading from your V1.0 API) so I know there is a learning curve to climb. This climb is complicated by the vagueness of some of your terminology. For example, you refer to an “Access code” interchangeably between what is really the “oAuth2 Token” and the “Access Token” that gets returned with the “Refresh Token”. (All these tokens, reminds me of the 70’s) Since most of the snippets in your replies lack any sort of context, it’s difficult to know exactly what is what.
It would be awesome if you had a functioning sample application, in VB or C# available for us mere mortals.
I’ve been successful in obtaining the oAuth2 Token. Once obtained I’m able to successfully obtain both an Access Token and a Refresh Token (returned from the same call).
(Here is the code to obtain the Access Token and the Refresh Token in case anyone is interested. I stole most of this from somewhere)
Imports RestSharp ‘ // Obtained through NuGet Imports Newtonsoft.Json ‘ // Obtained through NuGet Private Function CC_API3_GetAuthorizationToken() As Boolean Dim sBase64cred As String Dim client = New RestSharp.RestClient("https://idfed.constantcontact.com/as/token.oauth2?code=" & gstrOAuth2_Token & "&redirect_uri=" & cLocalHost & "&grant_type=authorization_code") Dim request = New RestRequest(Method.POST) Dim credentials As String = consumerKey & ":" & consumerSecret Dim plain As Byte() = System.Text.Encoding.UTF8.GetBytes(credentials) Dim response As IRestResponse sBase64cred = Convert.ToBase64String(plain) Dim base64auth = "Basic " & sBase64cred request.AddHeader("authorization", base64auth) Try response = client.Execute(request) Dim jsonResulttodict = JsonConvert.DeserializeObject(Of Dictionary(Of String, Object))(response.Content.ToString) gstrAccess_Token = jsonResulttodict.Item("access_token") gstrRefresh_Token = jsonResulttodict.Item("refresh_token") CC_API3_GetAuthorizationToken = True Catch ex As Exception CC_API3_GetAuthorizationToken = False MsgBox(ex.Message) End Try End Function
This is what I’ve returned
The problem I am now running into now is that the “Access Token” doesn’t seem to work when making requests, such as downloading a list of email lists. I’ve received two different errors depending on which “Token” I’m using. “Request forbidden due to insufficient authorization scopes” or just “Unauthorized”
Here is the code for that: (Also mostly stolen from bits and pieces of other posts)
Private Sub CC_API3_GetListOfLists() Dim client = New RestSharp.RestClient(https://api.cc.email/v3/contact_lists?include_count=false) Dim request = New RestRequest(Method.GET) Dim plain As Byte() = System.Text.Encoding.UTF8.GetBytes(gstrAccess_Token) Dim sBase64cred As String = Convert.ToBase64String(plain) Dim b64_Auth = "Bearer " & sBase64cred Try request.AddHeader("content-type", "application/json") request.AddHeader("cache-control", "no-cache") request.AddHeader("accept", "application/json") request.AddHeader("authorization", b64_Auth) Dim response As IRestResponse = client.Execute(request) Dim jsonResulttodict = JsonConvert.DeserializeObject(Of Dictionary(Of String, Object))(response.Content.ToString) Catch ex As Exception MsgBox(ex.Message) End Try End Sub
I’m using my “Partner” CC account. I’m using my application’s consumer key and consumer secret key, created just for this application.
I’ve signed into CC using my “Partner” CC login name and password via the oAuth2 method described above to obtain my oAuth2 Token.
What other things can I be looking at?
As a follow up to this post, I've been able to determine that one is not supposed to encode the access token in the ("Authorization", Bearer = Access_Token) header line. Still, that leaves me stuck on the 403 error message. I've tried including the "&Scope=contact_data" in the initial oAuth2 url request but it seems to make no difference.
A little insight from you folks would be amazing.