Search code examples
node.jsoauth-2.0access-tokenhttp-status-code-403deviantart-api

Oauth2 GET request with access token returns 403 in NodeJS

I'm currently trying to develop a node application that consumes DeviantArt API.

All requests must go through Oauth2, so I decided to go with client_credentials flow as the code is going to be all private.

So, once I registered my application in DeviantArt I got my clientId and clientSecret.

I'm using client-oauth2 package for authorization, the code looks like this:

const Oauth2 = require('client-oauth2');

...

function auth() {
  return new Promise((resolve, reject) => {
    let auth = new Oauth2({
      clientId: KEYS.client_id,
      clientSecret: KEYS.client_secret,
      accessTokenUri: AUTH_URL, // https://www.deviantart.com/oauth2/token
      authorizationGrants: ['credentials']
    });

    auth.credentials.getToken()
    .then((data) => {
      resolve({
        token: data.accessToken
      });
    })
    .catch(reject);
  });
}

This is working so far and I'm getting my access_token. So, I can use this token to perform any request on the API, and it actually works through curl and browser with:

https://www.deviantart.com/api/v1/oauth2/browse/newest?access_token={{access_token}}

Back in my node application I'm using request package, the code looks like this:

const request= require('request');

...

function getDeviations(token) {
  return new Promise((resolve, reject) => {
    request(`https://www.deviantart.com/api/v1/oauth2/browse/newest?
        access_token=${token}`, (error, response, body) => {
      if (error || response.statusCode >= 400) {
        reject({
          error,
          response
        });
      } else {
        // do things and resolve
      }
    });
  });
}

And it returns 403 Forbidden.

I've been two days banging my head against the keyboard looking for a reason it would return 403 only with node. I've looked for differences in requests from browser, curl and node, but no clue at all...

Does anyone know what could be possibly happening?

Solution

  • I got it... faking user agent in headers...

    function getDeviations(token) {
  return new Promise((resolve, reject) => {
    request({
      url: `https://www.deviantart.com/api/v1/oauth2/browse/newest?
        access_token=${token}`,
      headers: {
        'User-Agent': 'curl/7.44.0'
      }
    }, (error, response, body) => {
      if (error || response.statusCode >= 400) {
        reject({
          error,
          response
        });
      } else {
        // do things and resolve
      }
    });
  });
}

    I cannot believe that this works.