How can I get an oauth2 token?

andrew.sharpe79 · February 18, 2017, 2:23am

Using a POST request to https://online-go.com/oauth2/token/ returns 401.

I’ve tried with an account created via google, and also by creating an OGS account directly, I get 401 either way. The parameters in my request are

client_id:K3QNXDPyJAwDKScfccFniO6i4RVpPmUQcn2oB1vi
client_secret:tQ3kwh7cAe7dLDfnN6uuAT9QnhaIsAZs2jiCjCZVnylQyfYB2ML4vrXNbit2ZhMvQJ9ocVWfP8axb4YyNqEQkU7cRETPcPuXPMazT8vI2W49fNvd3O4Sayb6zgUwlKhP
grant_type:password
username:andrewsharpe79
password:$uper$ecret

I’ve also tried changing from application/x-www-form-urlencoded to application/json to no avail. The API documentation also doesn’t show a working example (http://docs.ogs.apiary.io/#reference/authentication/oauth2-user-token-generator/request-a-user-token).

How can I get a token with the new API?

vasilevich · March 29, 2017, 6:28am

The same problem…

roy7 · March 29, 2017, 4:54pm

Not a direct answer because I’ve never done this from scratch and don’t know how it works, but you could perhaps look at the gtp2ogs github code and see how it does authentication. Perhaps that will shed some light.

andrew.sharpe79 · March 30, 2017, 3:16am

Thanks Roy.

From what I can tell that project requires the token to be provided on the command line, so it’s not using the oAuth api bits to get the token.

Volcan · March 31, 2017, 4:00am

Im also having this problem. The Api documentation dosent seem to be in sync. Hope someone can clarify

roy7 · March 31, 2017, 1:48pm

We must summon the @anoek

matburt · April 2, 2017, 2:52am

Tested and works for me on beta and prod, so go here first to register a client:

as an example I chose client type public and grant type password

After you’ve done that, you’ll want to make sure the account you want to login as has a password set, here’s a curl example:

curl -X POST -d 'grant_type=password&username=matburt&password=notmypass&client_id=clientidgivenonthatpage&client_secret=clientsecretgivenonthatpage' https://online-go.com/oauth2/token/

Alternatively you can do this:

curl -X POST -d 'grant_type=password&username=matburt&password=notmypass' -u "clientidgivenonthatpage:clientsecretgivenonthatpage" https://online-go.com/oauth2/token/

I’ll point out that if your password contains something that your environment doesn’t like then that could interfere with the authentication… for example, using the curl line above verbatim is going to have trouble if your password contains an ampersand & or a bang ! and needs to be encoded appropriately.

matburt · April 2, 2017, 3:10am

Here’s a python requests example:

>>> import requests
>>> r = requests.post('https://online-go.com/oauth2/token/', data={"username":"matburt", "password":"notmypass", "client_id":"yourclientid", "client_secret": "yourclientsecret", "grant_type": "password"})
>>> r
<Response [200]>
>>>

andrew.sharpe79 · July 23, 2017, 8:40am

Great!

It’s working again and I haven’t changed my code. I did need to create another app though as all my existing ones were gone.

Thanks for the update

zoodiabloc · October 12, 2022, 3:19am

The command doesn’t work for me. Using https returns “error”: “invalid_client” but using http returns empty string. When I copy the request to postman it says 405 error. I created the API client from this site: Play Go at online-go.com! | OGS

What did I do wrong?

zoodiabloc · October 12, 2022, 4:05am

@flovo I tried running the same command you ran here: Apiary Documents Out of Date? - #6 by flovo

However, I received {“error”: “invalid_client”} error message. Did the api change again?