I’m looking for some help with an error I get while trying to initialize my Access Token call.
The 3rd-party I’m integrating with gave me a set of “dev” credentials and parameters, and I set up/tested everything (OAuth, Access Token, Refresh Token, and various api calls) with success.
Then I changed everything to “Prod” (new credentials, removed references to “sandbox” from the Paramaters) and successfully ran the OAuth call logging in to their site and being redirected back to my app with the success message from bubble.
Here’s my OAuth call with Prod credentials/parameters:
A “401” error on their side is "401 Unauthorized - Your API key is missing. ". I’m not exactly sure what “API key” means but I’m using the same Client ID and Secret that the OAuth just used to authenticate.
Anyone have any ides as to why I could authenticate but not run the “Access Token” call?
Why do you have a token API Call? If you let Bubble handle the oAuth2 process, you shouldn’t have this.
What happen is that the code is already used by Bubble. So it normally invalid since it was used. But you don’t need this because Bubble do all of that for you.
Step 2 in this guide indicates needing to make such a call. Should I exclude this call? Why would it have worked using the sandbox/dev parameters?
While setting up the dev calls I copied the redirect URL “code”, initiated the call, and then copied the refresh token and initiated my “Refresh Token” call and that allowed me to proceed with the other calls.
Without the “Authorization Token” I’m not able to initiate the “Refresh Token”. Am I missing something? Thanks again for your help.
@bakercito
Like I told you, this part is alrealdy handled by Bubble. You don’t need this. Skip that and Bubble will handle the token and the refresh token.
If this doesn’t work, you will need to instead choose none or selfhandled and at this moment, you will need to create each step manually. But Bubble ask you in the oAuth2 all information needed for the token, authorize part. This is also enough in most case to handle the refresh part too.
So just remove this, initialize the API using sign in to social network in debug mode, and start adding your call. You don’t need to have the header too for authorization, Bubble will add it to all call.
Thanks for the clarification. But then how do I get the access token to initialize the /me enpoint? It’s asking for the “Bearer [access token]”. Same goes for all of the other calls. Were do I get the token from for the Authorization header? Is that saved on the user somehow, if so where and how do I reference it when triggering a call? Thanks.
It will be done automatically. Don’t care about that. Bubble will do it. Just create a call and Bubble will add authorization header for you with the correct bearer token.
Yes this is saved on the user and you cannot access. This make thing more secure.
Did not realize this. I had someone else help me build these calls out and they never mentioned this. I did what you suggested and re-ran the OAuth successfully. But, now when I run the /me endpoint I get a “resource not found” error so I think that’s on the 3rd-party side and am reaching out them about it.
Also - Their tokens expire after 2 hours. How would I refresh it without a specific call for that?
@bakercito when it comes to oauth2 authentication, we would recommend using Pathfix. We handle the entire oauth process including token management, refresh tokens, user connectivity.
Although we currently dont have ProCore listed as a provider, we could certainly add it in a couple of days for you!
What am I missing to make this work? The call from the 3rd party doesn’t require any special things for it to work (just to be authenticated which I am).
Tokens need to be refreshed every 2hours. Does this get taken care of automatically, or do I need to create a call for this and set up a workflow to run every 2 hours?
I am using googles authO so it may not be totally relevant here but I simply have the app refresh a users token as needed, it will perform a simple logic check before actions that need a token for an API call and refresh if needed first.
No backend workflow needed and only happens once an hour at most when the user is in the app or as needed when the user isn’t.
If you try to initialize the Call from API Connector, but the initial auth in run mode have expired, Bubble will not refresh it (for the API Connector). It will only work fo your user.
So actually, the error come from the API Connector, So you will need to reauthentate in debug_mode=true to be able to continue to initialize call in API Connector
I don’t know a lot about the procore API but I can see they have sandbox endpoint. Do they have different API Id and secret depending of the live or sandbox env? If this is the case, be sure to use the correct key.
Try to revoke authorization in procore and restart the auth process in debug mode.
The call seem to be ok.
If this doesn’t work, I suggest to send a support ticket to Bubble. I don’t see any error on your side.
We handle the entire oauth process including token management, refresh tokens, user connectivity.
