Regarding API Access for OAuth integration

Hi @erickv @nayelyz and team

We are trying to integrate with the SmartThings API and we face the following issue.

We get the authorization code in the first step by hitting this endpoint: https://auth-global.api.smartthings.com

We use the authorization code to fetch the access token by hitting this endpoint, https://api.smartthings.com/v1/oauth/token, and we get the following error.

{
"error": "invalid_grant",
"error_description": "Invalid authorization code: h4DpX9OQEU3KhDppyL6KMpfx7"
}

We are giving the same redirect uri given in the app settings. Below is the code snippet to hit the access token endpoint.

import flask
import requests

# Pass the form fields as a dict so requests URL-encodes code and redirect_uri.
params = {
    'client_id': client_id,
    'grant_type': 'authorization_code',
    'code': flask.request.args.get('code'),
    'redirect_uri': redirect_uri,
}
headers_dict = {'content-type': 'application/x-www-form-urlencoded'}
# Client credentials are sent with HTTP Basic auth.
response = requests.post(token_url, headers=headers_dict, data=params, auth=(client_id, client_secret))
response.raise_for_status()
data = response.json()

Please let us know any issue with the above code or URL.

Thanks

Hello, @swathi.manoravi

This issue is because you’re trying to redeem a code generated in a different API; therefore, to overcome this issue, your codes must be generated at https://api.smartthings.com/v1/oauth/authorize.

Please, let me know if you have additional questions.
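
An added example, not part of the original posts and not SmartThings' own code: it builds the /authorize URL with proper encoding and checks that the code is issued and redeemed on the same host with an identical redirect_uri, which is the mismatch diagnosed above. The function names are hypothetical, and the example.com callback and credential strings are constructed placeholders.

```python
from urllib.parse import urlencode, urlsplit

# Both endpoints as named in this thread; the code must be issued and redeemed on the same host.
AUTHORIZE_URL = "https://api.smartthings.com/v1/oauth/authorize"
TOKEN_URL = "https://api.smartthings.com/v1/oauth/token"

def build_authorize_url(client_id, redirect_uri, authorize_url=AUTHORIZE_URL):
    """Return the URL the user's browser is sent to; urlencode escapes redirect_uri."""
    query = urlencode({
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": "code",
    })
    return f"{authorize_url}?{query}"

def check_flow(authorize_url, token_url, authorize_redirect, token_redirect):
    """Return a list of mismatches between the two legs of the flow."""
    problems = []
    a, t = urlsplit(authorize_url), urlsplit(token_url)
    if (a.scheme, a.netloc.lower()) != (t.scheme, t.netloc.lower()):
        problems.append(f"code issued by {a.netloc} cannot be redeemed at {t.netloc}")
    if authorize_redirect != token_redirect:
        problems.append("redirect_uri differs between authorize and token requests")
    return problems

def build_token_request(code, client_id, client_secret, redirect_uri, token_url=TOKEN_URL):
    """Return keyword arguments for requests.post(); nothing is sent here."""
    if not code:
        raise ValueError("callback carried no authorization code")
    return {
        "url": token_url,
        "data": {
            "grant_type": "authorization_code",
            "client_id": client_id,
            "code": code,
            "redirect_uri": redirect_uri,
        },
        "auth": (client_id, client_secret),
    }

if __name__ == "__main__":
    # Constructed placeholder values, not real credentials.
    cb = "https://example.com/smartthings/callback"
    print(build_authorize_url("CLIENT_ID", cb))
    print(check_flow("https://auth-global.api.smartthings.com", TOKEN_URL, cb, cb))
```
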

Hi, @erickv

We’ve changed the endpoint to https://api.smartthings.com/v1/oauth/authorize. After logging in with valid credentials we get an authorization code, and when the code is passed to the token endpoint we get the invalid authorization code error.

We’re using the below curl command mentioned in the secure documentation.

curl -X POST "https://api.smartthings.com/v1/oauth/token" \
  -u 'xxx-xxx-xxx-xxx-xxxx:xxxx-xxxx-xx-xxx-xxxxxx' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -d 'grant_type=authorization_code&client_id=xxxxxx-xxxx-xxx-xxx-xxxxxxxx&code=hPNC3pMjSNuYl8kEQZoe0oOgx&redirect_uri=https://xxxx.com/smartthings/callback'

{"error":"invalid_grant","error_description":"Invalid authorization code: hPNC3pMjSNuYl8kEQZoe0oOgx"}

Please let us know what is missing from our end.

Thanks

Hi, @swathi.manoravi

This is odd! I’ve tried to replicate the issue redeeming a code with your curl command, and received the proper token response as expected, e.g.

{
  "access_token": "...",
  "token_type": "bearer",
  "refresh_token": "...",
  "expires_in": 86399,
  "scope": "r:locations:* x:devices:* r:rules:* r:scenes:* w:rules:* w:locations:* w:devices:* r:devices:* x:locations:* x:scenes:*",
  "installed_app_id": "...",
  "access_tier": 0
}

Therefore, to have a better reference of the issue you’re having, please share with me a reference of the /authorize request (url used, params sent, headers, etc.).

Also, I noticed that the format of your code is larger than the code I received while replicating the issue; therefore, verify that your request is indeed at https://api.smartthings.com/v1/oauth/authorize.

Looking forward to your response!

Hi @erickv

We’re using the below URL with clientId and redirect_url for getting the authorization token. We’re not passing any headers and parameters in the URL. Is it mandatory to pass them?

https://api.smartthings.com/v1/oauth/authorize?client_id=\(clientId)&redirect_uri=\(callback)&response_type=code

After login success, we get a code like hPNC3pMjSNuYl8kEQZoe0oOgx. If this is not a valid one, how do we get a valid code?

Please let us know what are the mandatory fields for this request.

Thanks

Hi, @swathi.manoravi

I noticed that your request is well-formatted, which makes me think that this issue is not related to the API but to the client/browser instead, i.e. your browser has been cached. Therefore, I recommend you try the following steps:

  • Clear your browser’s cookies and cache or test the OAuth Flow through a fresh Incognito tab.
  • Recreate your API Access project to refresh your app credentials.
  • Re-validate your app (see details here).

If the issue persists, please record the issue and send me the video along with the app Id and client Id to build@smartthings.com.

Looking forward to your update!

Hey, @swathi.manoravi

Have you been able to generate access tokens normally?

Hi Erick

Thanks for your support. We are able to generate access tokens.


Awesome! Thanks for sharing your update.

Also, in order to let other community members know that in this thread a solution was found, can you please mark any of your or my comments as a solution? That would be of great help to spread the word.