c# oauth-2.0 .net-core coinbase-api

Coinbase OAuth Failure Not Found


I'm trying to set up OAuth in my application for Coinbase. I'm running into issues after authorizing, in the callback redirect.

I've got a .NET Core application set up like so:

public const string COINBASE_AUTH_ID = "coinbase";

public void ConfigureServices(IServiceCollection services)
{
    services.AddMvc();

    services.AddAuthentication(options =>
    {
        options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = COINBASE_AUTH_ID;
    })
    .AddCookie()
    .AddOAuth(COINBASE_AUTH_ID, options =>
    {
        options.ClientId = Configuration["Coinbase:ClientId"];
        options.ClientSecret = Configuration["Coinbase:ClientSecret"];
        options.CallbackPath = new PathString("/signin-coinbase");

        options.AuthorizationEndpoint = "https://www.coinbase.com/oauth/authorize";
        options.TokenEndpoint = "http://www.coinbase.com/oauth/token";

        options.SaveTokens = true;
 //...

After I click the Authorize button, I'm redirected to my callback URL, localhost/signin-coinbase, where I get an error:

Exception: OAuth token endpoint failure: Status: NotFound;Headers: Cache-Control: no-store, must-revalidate, no-cache, private

In the body section of the error, there is a message:

Body: Invalid request. Instead of a GET request, you should be making a POST with valid POST params. For more information, see https://developers.coinbase.com/docs/wallet/coinbase-connect;

EDIT: This error occurs in Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler

I'm speculating the cause is that the authentication handler is making a GET request to the /oauth/token API but it should be making a POST. Any ideas?

Should I try using Oidc?


Solution

  • I've created a NuGet package for this so others can avoid the issues I've had:

    Install-Package Coinbase.Authentication
    

    Turns out their documentation is wrong. At the top it states their token endpoint is:

    They claim their token access URL is:

    Access Token URL: http://www.coinbase.com/oauth/token

    This seemed a bit bizarre to me because their token endpoint is not using SSL. While scouring the internet I found an application which uses the proper URL:

    Basically, to fix this I changed the options to look like so:

    .AddOAuth(COINBASE_AUTH_ID, options =>
    {
        options.ClientId = Configuration["Coinbase:ClientId"];
        options.ClientSecret = Configuration["Coinbase:ClientSecret"];
        options.CallbackPath = new PathString("/signin-coinbase");
    
        options.AuthorizationEndpoint = "https://www.coinbase.com/oauth/authorize";
        options.TokenEndpoint = "https://api.coinbase.com/oauth/token";
    
    
     //...
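
A guard against the misconfiguration in the question, added here as an example and not part of the original post or the Coinbase.Authentication package: it throws when an OAuth scheme's options are built with a non-HTTPS endpoint, since the token request carries the client secret and the authorization code. The class name `RequireHttpsOAuthEndpoints` is an assumption made for this example.

```csharp
using System;
using Microsoft.AspNetCore.Authentication.OAuth;
using Microsoft.Extensions.Options;

// Added example (hypothetical class name): rejects any OAuth scheme whose
// endpoints are not absolute https:// URLs. The token request carries the
// client secret and the authorization code, so it must never go over http.
public sealed class RequireHttpsOAuthEndpoints : IPostConfigureOptions<OAuthOptions>
{
    // Runs for every named OAuthOptions instance; 'name' is the scheme name.
    public void PostConfigure(string name, OAuthOptions options)
    {
        Check(name, nameof(options.AuthorizationEndpoint), options.AuthorizationEndpoint, required: true);
        Check(name, nameof(options.TokenEndpoint), options.TokenEndpoint, required: true);
        // The user-info endpoint is optional for a plain OAuth handler.
        Check(name, nameof(options.UserInformationEndpoint), options.UserInformationEndpoint, required: false);
    }

    private static void Check(string scheme, string property, string value, bool required)
    {
        if (string.IsNullOrEmpty(value))
        {
            if (required)
                throw new InvalidOperationException(
                    $"OAuth scheme '{scheme}': {property} is not set.");
            return;
        }

        // Uri.Scheme is always lower-case, so a direct comparison is enough.
        if (!Uri.TryCreate(value, UriKind.Absolute, out var uri) || uri.Scheme != Uri.UriSchemeHttps)
            throw new InvalidOperationException(
                $"OAuth scheme '{scheme}': {property} must be an absolute https:// URL, got '{value}'.");
    }
}

// Registration, in ConfigureServices next to AddAuthentication():
//   services.AddSingleton<IPostConfigureOptions<OAuthOptions>, RequireHttpsOAuthEndpoints>();
```

With the configuration from the question, this fails on `TokenEndpoint` the first time the `coinbase` scheme's options are resolved, before any token request is sent.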