I'm trying to set up OAuth in my application for Coinbase. I'm running into issues after authorizing in the callback redirect.
I've got a .NET Core application set up like so:
```csharp
public const string COINBASE_AUTH_ID = "coinbase";

public void ConfigureServices(IServiceCollection services)
{
    services.AddMvc();
    services.AddAuthentication(options =>
    {
        options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = COINBASE_AUTH_ID;
    })
    .AddCookie()
    .AddOAuth(COINBASE_AUTH_ID, options =>
    {
        options.ClientId = Configuration["Coinbase:ClientId"];
        options.ClientSecret = Configuration["Coinbase:ClientSecret"];
        options.CallbackPath = new PathString("/signin-coinbase");
        options.AuthorizationEndpoint = "https://www.coinbase.com/oauth/authorize";
        options.TokenEndpoint = "http://www.coinbase.com/oauth/token";
        options.SaveTokens = true;
        //...
```
After I click the Authorize button, I'm redirected to my callback URL, localhost/signin-coinbase, where I get an error:

```
Exception: OAuth token endpoint failure: Status: NotFound;Headers: Cache-Control: no-store, must-revalidate, no-cache, private
```

In the body section of the error, there is a message:

```
Body: Invalid request. Instead of a GET request, you should be making a POST with valid POST params. For more information, see https://developers.coinbase.com/docs/wallet/coinbase-connect;
```
EDIT
This error occurs in Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler.
I'm speculating the cause is that the authentication handler is making a GET request to the /oauth/token API, but it should be making a POST. Any ideas?
Should I try using Oidc?
I've created a NuGet package for this so others can avoid the issues I've had:

```
Install-Package Coinbase.Authentication
```
Turns out their documentation is wrong. At the top it states their token endpoint is:
They claim their token access URL is:
Access Token URL: http://www.coinbase.com/oauth/token
This seemed a bit bizarre to me because their token endpoint is not using SSL. While scouring the internet I found an application which uses the proper URL:
Basically, to fix this I changed the options to look like so:
```csharp
.AddOAuth(COINBASE_AUTH_ID, options =>
{
    options.ClientId = Configuration["Coinbase:ClientId"];
    options.ClientSecret = Configuration["Coinbase:ClientSecret"];
    options.CallbackPath = new PathString("/signin-coinbase");
    options.AuthorizationEndpoint = "https://www.coinbase.com/oauth/authorize";
    options.TokenEndpoint = "https://api.coinbase.com/oauth/token";
    //...
```
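The token request carries the client secret and the authorization code, so a plain `http://` token endpoint exposes both on the wire. The following is an added example, not part of the original question or answer and not code from the Coinbase.Authentication package: a guard that rejects non-HTTPS OAuth endpoints when the options are built and turns off automatic redirects on the backchannel, so a redirected token request surfaces as a redirect status instead of being silently re-issued. The names `OAuthEndpointGuard`, `RequireHttps` and `Harden` are hypothetical.

```csharp
using System;
using System.Net.Http;
using Microsoft.AspNetCore.Authentication.OAuth;

// Hypothetical helper for illustration; not part of ASP.NET Core.
public static class OAuthEndpointGuard
{
    // Returns the URL unchanged if it is an absolute https:// URI, otherwise throws.
    public static string RequireHttps(string name, string url)
    {
        if (!Uri.TryCreate(url, UriKind.Absolute, out var uri) ||
            uri.Scheme != Uri.UriSchemeHttps)
        {
            throw new InvalidOperationException(
                $"{name} must be an absolute https:// URL, got '{url}'.");
        }
        return url;
    }

    // Call at the end of the AddOAuth(...) options lambda, after the endpoints are set.
    public static void Harden(OAuthOptions options)
    {
        RequireHttps(nameof(options.AuthorizationEndpoint), options.AuthorizationEndpoint);
        RequireHttps(nameof(options.TokenEndpoint), options.TokenEndpoint);

        // The user-info endpoint is optional; check it only when configured.
        if (!string.IsNullOrEmpty(options.UserInformationEndpoint))
        {
            RequireHttps(nameof(options.UserInformationEndpoint),
                         options.UserInformationEndpoint);
        }

        // The OAuth handler builds its backchannel HttpClient from this handler.
        // With redirects disabled, a 3xx from the token endpoint is reported
        // as a token endpoint failure rather than followed.
        options.BackchannelHttpHandler = new HttpClientHandler
        {
            AllowAutoRedirect = false
        };
    }
}

// Usage inside ConfigureServices (endpoints as in the answer above):
//   .AddOAuth(COINBASE_AUTH_ID, options =>
//   {
//       options.TokenEndpoint = "https://api.coinbase.com/oauth/token";
//       OAuthEndpointGuard.Harden(options); // throws for the http:// endpoint in the question
//   });
```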