How to request access token from Battle.net OAuth with authorization code?
I have a hobby project in mind to use battle.net login. I'm wondering how I can obtain the access token from the API after receiving the authorization code.
This is Oauth flow question rather than a battle.net question.
Currently I can successfully authorize the user for my app which is registered in dev.battle.net and then I try to use the authorization code returned from the battle.net login to obtain the access token by sending a request to https://<region>.battle.net/oauth/token.
However I keep receiving this error:
{
"error": "unauthorized",
"error_description": "An Authentication object was not found in the SecurityContext"
}
I use postman extension to send post requests to that uri. I authenticate my request with my client id and secret. I pass redirect_uri (https://localhost), granty_type (authorization_code), code(the code returned from the previous authorization step). However I keep getting the error above.
I couldn't find much about battle.net online. There are other oauth related help articles but couldn't really find my way. Wondering if you can help me with this easy stuff. I'm just wondering what I'm skipping here.
Here is the documentation: https://dev.battle.net/docs/read/oauth
https://localhost is added in my mashery dev account's app settings.
Me again, I resolved this problem after trying almost every combination in the universe:)
Steps to apply:
- Don't use the same authorization token for different access token trials, they are not valid
- Always use https on every domain you test including localhost, you redirect_uri must be https as well.
- You must use the "basic authentication" in the header of your POST request while requesting the token from the authorization code you obtained from the previous step.
- This is one of the most important ones: For requesting token, Pass redirect_uri, client key and secret as POST form parameters to the authenticated request. This is interesting because it's already an authenticated request; why would i need to pass my secret again? Anyways, that's how it works.
Here are the full text: http://hakanu.net/oauth/2017/01/26/complete-guide-of-battle-net-oauth-api-and-login-button/
This is working prototype: https://owmatch.me
Thanks.
- How to store sensitive data in React Native or expo code ? ( with Keychain and Keystore )
- Using basic oauth to send a tweet
- Spring Boot redirection back to login page
- Unsuccessful using OAuth 2 access token to send emails via Gmail
- Logging in users with API built in laravel
- LinkedIn API: The token used in the OAuth request has been revoked
- How to get LinkedIn access token in iOS to call API?
- OAuth Client Credential Flow - Refresh Tokens
- AADSTS7000218: The request body must contain the following parameter: 'client_assertion' or 'client_secret'
- ServiceStack JWT Refresh token uses Session identifier when used with OAuth AuthProvider
- EXPO AuthSession returns dismiss on Android device
- Threads Meta API/Auth Callback URLs
- Is storing an OAuth token in cookies bad practice?
- Firebase credentials as Python environment variables: Could not deserialize key data
- Azure Authenticatication Flow in a Desktop App (WinForms C#)
- Check OAuth Facebook token from iOS client on server/API
- Role based authorization using Keycloak and .NET core
- Amazon Cognito: How to stop getting "redirect_mismatch" error when redirecting from browser to Android app
- How to use SHA256-HMAC in python code?
- Facebook OAuth "The domain of this URL isn't included in the app's domain"
- How get config file values in other config file - Laravel 5
- Snowflake custom OAuth not working with invalid_client error
- How to Locate and Customize the OAuth Implicit Flow Redirect Screen?
- Keycloak - Assign a client scope to user with a specific role
- Implementing a dynamic OAuthBearerServerOptions AccessTokenExpireTimeSpan value from data store
- How to call an OAuth API once I have the access_token and refresh_token
- React App on Azure (Windows) Web App Not Reading Environment Variables for Auth0
- OAuth2 WebApi Token Expiration
- Origin is "not allowed" for given client ID when origin was added
- Angular CORS Error When Following Backend Redirect for OAuth2 Logout