I am working on an application that updates a group of spreadsheets. I am trying to use an "App" which has a client id and client secret for authorization. This is going to run via an ETL job with a service account. However, every single code example I find (including in the SDK) shows user interaction being needed. For instance, if you look at the code below (this was an example from the SDK; however, mine is pretty much the same thing), when you get the authorization URL, allegedly the user needs to accept a prompt before you can get the "authorization code", which is mandatory. If you don't interact with the prompt, you just get a Smartsheet.Api.OAuth.OAuthTokenException: 'Token request failed with http error code: Forbidden' error.
Any direction on if there's something coding-wise I have to include, or if I need to go another method/route would be greatly appreciated.
Thank you,
    private static void UseOAuthFlow()
    {
        OAuthFlow oauth = new OAuthFlowBuilder()
            .SetClientId("1tziajulcsbqsswgy37")
            .SetClientSecret("sxouqll7zluvzmact3")
            .SetRedirectURL("https://www.google.com")
            .Build();

        string url = oauth.NewAuthorizationURL
        (
            new Smartsheet.Api.OAuth.AccessScope[]
            {
                Smartsheet.Api.OAuth.AccessScope.READ_SHEETS,
                Smartsheet.Api.OAuth.AccessScope.WRITE_SHEETS,
                Smartsheet.Api.OAuth.AccessScope.SHARE_SHEETS,
                Smartsheet.Api.OAuth.AccessScope.DELETE_SHEETS,
                Smartsheet.Api.OAuth.AccessScope.CREATE_SHEETS,
                Smartsheet.Api.OAuth.AccessScope.READ_USERS,
                Smartsheet.Api.OAuth.AccessScope.ADMIN_USERS,
                Smartsheet.Api.OAuth.AccessScope.ADMIN_SHEETS,
                Smartsheet.Api.OAuth.AccessScope.ADMIN_WORKSPACES,
            },
            "key=Test"
        );

        // Take the user to the following URL
        Debug.WriteLine(url);

        // After the user accepts or declines the authorization they are taken to the redirect URL. The URL of the page
        // the user is taken to can be used to generate an authorization RequestResult object.
        string authorizationResponseURL = "https://www.google.com/?code=yn8kl1kvruh31uj&expires_in=599957&state=key=Test";

        // On this page pass in the full URL of the page to create an authorizationResult object
        AuthorizationResult authResult = oauth.ExtractAuthorizationResult(authorizationResponseURL);

        // Get the token from the authorization result
        Token token = oauth.ObtainNewToken(authResult);
        Assert.IsTrue(token.AccessToken == "ACCESS_TOKEN");

        Token tokenRefreshed = oauth.RefreshToken(token);
        Assert.IsTrue(token.AccessToken != "ACCESS_TOKEN");

        oauth.RevokeToken(token);
        SmartsheetClient smartsheet = new SmartsheetBuilder().SetAccessToken(token.AccessToken).Build();
        try
        {
            smartsheet.SheetResources.ListSheets(null, null);
            Assert.Fail();
        }
        catch
        {
        }
    }
Technically, you could use OAuth in this scenario -- but only after you've obtained the initial access token manually -- for example, by using a combination of the browser and an API tool like Postman to complete the OAuth flow that generates the initial token. My answer in this other SO thread provides details about this process: Is it possible to use Smartsheet OAuth from a Windows Service?
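A sketch of the unattended half of that approach, added here as an example and not taken from the answer or from the SDK: once the first token pair has been obtained manually, the job refreshes it with `oauth.RefreshToken` and persists the result. The class name, environment variable names and JSON token file are assumptions, as are settable `RefreshToken` and `ExpiresInSeconds` properties on the SDK's `Token` class; it targets .NET 5 or later.

```csharp
using System;
using System.IO;
using System.Text.Json;
using Smartsheet.Api;
using Smartsheet.Api.OAuth;

// Hypothetical helper for an unattended job; names, env vars and file layout are assumptions.
public static class UnattendedSmartsheet
{
    private sealed record StoredToken(string AccessToken, string RefreshToken, DateTimeOffset ExpiresAt);

    public static SmartsheetClient Connect(string tokenPath)
    {
        // Client credentials come from the job's environment, never from source control.
        OAuthFlow oauth = new OAuthFlowBuilder()
            .SetClientId(Required("SMARTSHEET_CLIENT_ID"))
            .SetClientSecret(Required("SMARTSHEET_CLIENT_SECRET"))
            .SetRedirectURL(Required("SMARTSHEET_REDIRECT_URL"))
            .Build();

        // The file is seeded once with the token pair from the manual browser/Postman flow.
        StoredToken stored = JsonSerializer.Deserialize<StoredToken>(File.ReadAllText(tokenPath))
            ?? throw new InvalidOperationException("Token file is empty: " + tokenPath);

        // Refresh a few minutes early so a long ETL run does not start with an expiring token.
        if (stored.ExpiresAt - DateTimeOffset.UtcNow < TimeSpan.FromMinutes(5))
        {
            Token refreshed = oauth.RefreshToken(new Token
            {
                AccessToken = stored.AccessToken,
                RefreshToken = stored.RefreshToken
            });
            stored = new StoredToken(refreshed.AccessToken, refreshed.RefreshToken,
                DateTimeOffset.UtcNow.AddSeconds(refreshed.ExpiresInSeconds));

            // Write-then-replace so a crash cannot leave a half-written token file behind.
            string tmp = tokenPath + ".tmp";
            File.WriteAllText(tmp, JsonSerializer.Serialize(stored));
            File.Move(tmp, tokenPath, overwrite: true);
        }
        return new SmartsheetBuilder().SetAccessToken(stored.AccessToken).Build();
    }

    private static string Required(string name) =>
        Environment.GetEnvironmentVariable(name)
        ?? throw new InvalidOperationException("Missing environment variable " + name);
}
```

The token file holds a long-lived credential, so restrict it to the service account that runs the job, and grant the app only the access scopes the ETL actually needs.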