Question

Oauth2 authentication: various errors

  • 17 June 2021
  • 3 replies
  • 163 views

Userlevel 1

I am implementing an Oauth2 server on my side with PHP using OAuth2 - PHPLeague

https://oauth2.thephpleague.com/

 

Issue #01

 

I have configured email and password as Authentication Fields

 

7Zerz6KsTYLH5Pm6JxzA145rtoPPYI3M1H6XCV5Yzo19CHIiJR_DgflrUInYZTz_fswk84PiC1S-UZYUGkxaN1EHCYnii41-iZ96So7Kt6o06r4Gguv_-iOXpfP-Dg7kADZ0K_Yg

 

Then I add them to the Authorization url so I can do validation and authentication on my oauth2 server.

 

zHV8hTSKPbSZCrwS_Q6gy7WYf20w8u98UnJEGW0HX0tCTnj-J22RQctS9HFipgzKWesTA_8q24h9x6BVIB-iEwiBpEQgaykPK5zslKbg9mlXY8gIdE4OavVU529cL0kZqVOLs6oK

 

This part is working, but I am wondering if I can send it through the header to avoid having to encode it in the url?, I have tried adding these parameters to the headers form, but after I save the header is removed. Not sure if I am missing a naming convention on headers params,

 

Issue #02

 

I am not able to show an error in zapier when calling authorization endpoint. I have tried returning a PSR7 response and simple json response. 

 

EXwADKrsUNQk1zvLmylUmI82bN9LUBvPxGNAX_7NcZX8RqCt7KdFFGhLpgb11FtMzLOht2JzcxDuHt2kPHqgNiB6N6vJh5wGNlVY8l-CuSehFSaSpNfKEDqQB58x-WpZuvr4Cnf2

 

But I only see a white screen, what is the correct error response format?

 

Issue #03

 

On the Authorization request I return the user id, but I also need to return other user info to use on the Connection Label. On the test endpoint I had no problems since I found an example where I needed to return a json with: id, name and email fields, but not sure how to do it when doing the full process: Authorization Url + Access Token Request, not sure in what point you read that info.

 

YZNsS_gV2EV96thgVouls3HTG_VR0SWPsTe1btm-b4jagsbtejCgVYKxCLQF3_B4KBY1iWlYGR4VFGdfywy9XqsscX8zHjoq7fflJydxqrirCgyCz_rtDG5XtRHfOUiqV-YNqa1h

 


This post has been closed for comments. Please create a new post if you need help or have a question about this topic.

3 replies

Userlevel 7
Badge +9

Question 1, sending messages in the body vs. url params: 

For this OAuth 2 flow this is an HTTP GET in most implementations, and so there is no body sent. 

Question 2, showing an error:

So this is a request handler on your server once we’ve redirected to you, yeah? I think you just want to return an HTML page with the error info for the user on it, rather than trying to redirect back to us for us to render that message at that point in the flow. Perhaps someone else can provide some guidance here…

Question 3, connected account label:

If that data is returned by your auth test request, you can reference it in bundle.inputData.yourfieldname if it’s extra information returned with your token request, you might look at computed fields to add that data to bundle.authData.*** 

 

Userlevel 1

@Zane, thanks for the reply, about question 1, I found that we can enable sending body in get requests in zapier, there is a parameter: allowGetBody

https://github.com/zapier/zapier-platform/blob/master/packages/core/src/http-middlewares/before/prepare-request.js#L46-L49

But not sure how to use it on Authorization Url, since I need to return a url, maybe this is useful in other GET requests.

Any thoughts on this?

Userlevel 7
Badge +9

Digging in, remembering that that request is handled differently than other requests throughout the schema. 

Check out the authorizeUrl at https://zapier.github.io/zapier-platform-schema/build/schema.html#authenticationoauth2configschema - it expects a RedirectRequest object, rather than a standard request configuration.

If I’m thinking about this correctly, this makes sense - this request is being made from the user’s browser, not going through the platform like everything else. 

In short, I think the way you were configuring that request it is the way to do it.