How can I get an oauth2 token?

Using a POST request to https://online-go.com/oauth2/token/ returns 401.

I’ve tried with an account created via google, and also by creating an OGS account directly, I get 401 either way. The parameters in my request are

client_id:K3QNXDPyJAwDKScfccFniO6i4RVpPmUQcn2oB1vi
client_secret:tQ3kwh7cAe7dLDfnN6uuAT9QnhaIsAZs2jiCjCZVnylQyfYB2ML4vrXNbit2ZhMvQJ9ocVWfP8axb4YyNqEQkU7cRETPcPuXPMazT8vI2W49fNvd3O4Sayb6zgUwlKhP
grant_type:password
username:andrewsharpe79
password:$uper$ecret

I’ve also tried changing from application/x-www-form-urlencoded to application/json to no avail. The API documentation also doesn’t show a working example (http://docs.ogs.apiary.io/#reference/authentication/oauth2-user-token-generator/request-a-user-token).

How can I get a token with the new API?

2 Likes

The same problem…

1 Like

Not a direct answer because I’ve never done this from scratch and don’t know how it works, but you could perhaps look at the gtp2ogs github code and see how it does authentication. Perhaps that will shed some light.

1 Like

Thanks Roy.

From what I can tell that project requires the token to be provided on the command line, so it’s not using the oAuth api bits to get the token.

Im also having this problem. The Api documentation dosent seem to be in sync. Hope someone can clarify :slight_smile:

We must summon the @anoek

Tested and works for me on beta and prod, so go here first to register a client:

as an example I chose client type public and grant type password

After you’ve done that, you’ll want to make sure the account you want to login as has a password set, here’s a curl example:

curl -X POST -d 'grant_type=password&username=matburt&password=notmypass&client_id=clientidgivenonthatpage&client_secret=clientsecretgivenonthatpage' https://online-go.com/oauth2/token/

Alternatively you can do this:

curl -X POST -d 'grant_type=password&username=matburt&password=notmypass' -u "clientidgivenonthatpage:clientsecretgivenonthatpage" https://online-go.com/oauth2/token/

I’ll point out that if your password contains something that your environment doesn’t like then that could interfere with the authentication… for example, using the curl line above verbatim is going to have trouble if your password contains an ampersand & or a bang ! and needs to be encoded appropriately.

1 Like

Here’s a python requests example:

>>> import requests
>>> r = requests.post('https://online-go.com/oauth2/token/', data={"username":"matburt", "password":"notmypass", "client_id":"yourclientid", "client_secret": "yourclientsecret", "grant_type": "password"})
>>> r
<Response [200]>
>>>
1 Like

Great!

It’s working again and I haven’t changed my code. I did need to create another app though as all my existing ones were gone.

Thanks for the update :slight_smile:

The command doesn’t work for me. Using https returns “error”: “invalid_client” but using http returns empty string. When I copy the request to postman it says 405 error. I created the API client from this site: Play Go at online-go.com! | OGS

What did I do wrong?

@flovo I tried running the same command you ran here: Apiary Documents Out of Date? - #6 by flovo

However, I received {“error”: “invalid_client”} error message. Did the api change again?