Search code examples
google-apps-scriptoauth-2.0tumblr

Why am I reciving a 403 error when trying to authorize Apps Script with the Tumblr api?

I'm completely new to oauth and APIs, and I'm trying to use some example apps script oauth code for accessing the Basecamp API to create a post on Tumblr:

var npfPost = {
    "content": [
        {
            "type": "text",
            "text": "Hello world!"
        }
    ]
}

function run() {
  var service = getService_();
  if (service.hasAccess()) {
    var url = 'https://api.tumblr.com/v2/blog/{blog_id}.tumblr.com/posts';
    var options = {
      'method' : 'post',
      'muteHttpExceptions' : true,
      npfPost,

      headers: {
        Authorization: 'Bearer ' + service.getAccessToken()
            }
    }
    var response = UrlFetchApp.fetch(url, options);
    var result = JSON.parse(response.getContentText());
    Logger.log(JSON.stringify(result, null, 2));
  } else {
    var authorizationUrl = service.getAuthorizationUrl();
    Logger.log('Open the following URL and re-run the script: %s',
        'https://' + authorizationUrl);
  }
}


function reset() {
  getService_().reset();
}

function getService_() {
  return OAuth2.createService('Tumblr')
      // Set the endpoint URLs.
      .setAuthorizationBaseUrl('www.tumblr.com/oauth2/authorize')
      .setTokenUrl('api.tumblr.com/v2/oauth2/token')

      // Set the client ID and secret.
      .setClientId(CLIENT_ID)
      .setClientSecret(CLIENT_SECRET)

      // Set the name of the callback function that should be invoked to
      // complete the OAuth flow.
      .setCallbackFunction('authCallback')

      // Set the property store where authorized tokens should be persisted.
      .setPropertyStore(PropertiesService.getUserProperties())
}

function authCallback(request) {
  var service = getService_();
  var authorized = service.handleCallback(request);
  if (authorized) {
    return HtmlService.createHtmlOutput('Success!');
  } else {
    return HtmlService.createHtmlOutput('Denied.');
  }
}

function logRedirectUri() {
  Logger.log(OAuth2.getRedirectUri());
}

I've successfully generated an authorization url, which I expected to send me straight to the authCallback function after I authorized access. Instead I get the following error from apps script:

Error: Error retrieving token: 403: {"meta":{"status":403,"msg":"Forbidden"},"response":[],"errors":[{"title":"Forbidden","code":5006,"detail":"A secure connection (https) is required to access the Tumblr API"}]} (line 605, file "Service")

What part of my connection do I need to secure?

Solution

  • From OP's reply of Good catch, that did the trick! Thank you so much, I understood that my guess was the correct way to resolve OP's issue. In this case, I thought that the solution might be useful for other users. So, I posted it as the following answer.

    In this modification, the issue was resolved by adding https:// as follows.

    From:

    .setAuthorizationBaseUrl('www.tumblr.com/oauth2/authorize')
.setTokenUrl('api.tumblr.com/v2/oauth2/token')

    To:

    .setAuthorizationBaseUrl('https://www.tumblr.com/oauth2/authorize')
.setTokenUrl('https://api.tumblr.com/v2/oauth2/token')