Troubleshooting OAuth2.0 Error

I’m looking for some help with an error I get while trying to initialize my Access Token call.

The 3rd-party I’m integrating with gave me a set of “dev” credentials and parameters, and I set up/tested everything (OAuth, Access Token, Refresh Token, and various api calls) with success.

Then I changed everything to “Prod” (new credentials, removed references to “sandbox” from the Paramaters) and successfully ran the OAuth call logging in to their site and being redirected back to my app with the success message from bubble.

Here’s my OAuth call with Prod credentials/parameters:

But, when I tried initializing the “Access Token” call (using the code provided in the redirect URL) I get the following error message.

A “401” error on their side is "401 Unauthorized - Your API key is missing. ". I’m not exactly sure what “API key” means but I’m using the same Client ID and Secret that the OAuth just used to authenticate.

Anyone have any ides as to why I could authenticate but not run the “Access Token” call?

P.S. Here’s the 3rd party dev resource page if anyone wants to dig

Why do you have a token API Call? If you let Bubble handle the oAuth2 process, you shouldn’t have this.
What happen is that the code is already used by Bubble. So it normally invalid since it was used. But you don’t need this because Bubble do all of that for you.

Thanks for looking at this @Jici .

Step 2 in this guide indicates needing to make such a call. Should I exclude this call? Why would it have worked using the sandbox/dev parameters?

While setting up the dev calls I copied the redirect URL “code”, initiated the call, and then copied the refresh token and initiated my “Refresh Token” call and that allowed me to proceed with the other calls.

Without the “Authorization Token” I’m not able to initiate the “Refresh Token”. Am I missing something? Thanks again for your help.

Like I told you, this part is alrealdy handled by Bubble. You don’t need this. Skip that and Bubble will handle the token and the refresh token.
If this doesn’t work, you will need to instead choose none or selfhandled and at this moment, you will need to create each step manually. But Bubble ask you in the oAuth2 all information needed for the token, authorize part. This is also enough in most case to handle the refresh part too.

So just remove this, initialize the API using sign in to social network in debug mode, and start adding your call. You don’t need to have the header too for authorization, Bubble will add it to all call.

Thanks for the clarification. But then how do I get the access token to initialize the /me enpoint? It’s asking for the “Bearer [access token]”. Same goes for all of the other calls. Were do I get the token from for the Authorization header? Is that saved on the user somehow, if so where and how do I reference it when triggering a call? Thanks.

It will be done automatically. Don’t care about that. Bubble will do it. Just create a call and Bubble will add authorization header for you with the correct bearer token.
Yes this is saved on the user and you cannot access. This make thing more secure.

Did not realize this. I had someone else help me build these calls out and they never mentioned this. I did what you suggested and re-ran the OAuth successfully. But, now when I run the /me endpoint I get a “resource not found” error so I think that’s on the 3rd-party side and am reaching out them about it.

Also - Their tokens expire after 2 hours. How would I refresh it without a specific call for that?

Thanks again for your help.

@bakercito when it comes to oauth2 authentication, we would recommend using Pathfix. :slight_smile: We handle the entire oauth process including token management, refresh tokens, user connectivity.

Although we currently dont have ProCore listed as a provider, we could certainly add it in a couple of days for you!

Thanks @Pathfix, I’ll think about that but will need to stick with this method for now.

Hi @Jici, I was able to successfully initialize the authentication call as you outlined…so thank you.

I have a couple follow up questions for you about this topic.

  1. I added this call, tried to initialize it, and received this error:

What am I missing to make this work? The call from the 3rd party doesn’t require any special things for it to work (just to be authenticated which I am).

  1. Tokens need to be refreshed every 2hours. Does this get taken care of automatically, or do I need to create a call for this and set up a workflow to run every 2 hours?

Thank you for looking at this.

I am using googles authO so it may not be totally relevant here but I simply have the app refresh a users token as needed, it will perform a simple logic check before actions that need a token for an API call and refresh if needed first.

No backend workflow needed and only happens once an hour at most when the user is in the app or as needed when the user isn’t.

1 Like

If you try to initialize the Call from API Connector, but the initial auth in run mode have expired, Bubble will not refresh it (for the API Connector). It will only work fo your user.
So actually, the error come from the API Connector, So you will need to reauthentate in debug_mode=true to be able to continue to initialize call in API Connector

1 Like

I reauthenticated in debug_mode=true and received the success message
Screen Shot 2021-08-04 at 3.58.39 PM

Here’s a screenshot showing it’s been initialized

But when I click “Initialize” on my call, I’m still getting the error about the access token being expired.

So, I’m not sure what I’m doing wrong. What might I be able to try next? Thanks!

I don’t know a lot about the procore API but I can see they have sandbox endpoint. Do they have different API Id and secret depending of the live or sandbox env? If this is the case, be sure to use the correct key.
Try to revoke authorization in procore and restart the auth process in debug mode.
The call seem to be ok.
If this doesn’t work, I suggest to send a support ticket to Bubble. I don’t see any error on your side.

I decided to start over and create a new API from scratch, and it worked! Thanks again for your help.

1 Like

But then how do you use the token that bubble makes in subsequent API calls that require authorization?