API connector Oauth2 problem

Hi everyone !

I’m still new to using APIs in bubble.

I would like to integrate the Twist application in my website using API connector.
I used OAuth 2 authentication and parameters as indicated in the Twist API doc: https://developer.twist.com/v3/#introduction.

So it looks like this :

Then I created a button and a workflow to test the API :

When I click on the button in the preview page, I get the following error :

How can I solve this problem? Can you help me please ?

There’s a few thing to check
I think you need to set scopes,
The user endpoint seem to be https://api.twist.com/api/v3/users/get_session_user
And did you try token is returned as querystring?

The documentation says a parameter called state is required. Bubble doesn’t provide a field for this. You can try changing your login dialog redirect to https://twist.com/oauth/authorize?state=(any random string), but I highly doubt that will work.

I think what may be required is to do the OAuth process manually. Start with setting authentication to none/self-handled.

I’ll roughly outline the steps for a manual OAuth.

  1. You need to direct a user to the twist login page using a workflow, and the action navigate to external link. The external link will look something like https://twist.com/oauth/authorize?client_id=yourID&state=anything&redirect_uri=thePageYouWantToNavigateBackTo. There could be additional parameters needed in that link separated by an &.
  2. After the user logs in on Twist, Twist will navigate you back to the redirect_uri along with parameters in the URL including an authorization code. So you will be navigated back to a page like www.thePageYouWantToNavigateBackTo.com?code=anything&state=anything. You will need to use a workflow to grab that authorization code parameter from the page URL and save that to the DB.
  3. Using that auth code grabbed from the url, you can now make the API call to trade the authorization code for an access token. Make a post call at https://twist.com/oauth/access_token. In the body of that call its going to be something like client_id=<yourClient_ID>&client_secret=<yourClient_Secret>&code=<theCodeYouGotFrom_URL>
  4. The post call from above will reply with an access token which you will use for any other api calls.

Here’s what work for me without doing manual process.

You can add more Scope :wink:

1 Like

This topic was automatically closed after 70 days. New replies are no longer allowed.