java, oauth-2.0, coinbase-api

Problems logging into coinbase api with oauth2


I'm writing a Java Spring webapp that integrates with Coinbase API. I'm running into problems logging in with OAuth2. The docs don't seem to be complete, so I've run into some problems. I've been using https://docs.cdp.coinbase.com/sign-in-with-coinbase/docs/sign-in-with-coinbase-integration as my guide. The first step is to request access by calling "/oauth2/token". My first problem was that I got a 403 Forbidden error, but I finally got past that by adding "User-Agent" and "CB-VERSION" headers (not in the docs).

Now I get an HTML page back, which I guess I'm supposed to display to the user, but I had to add a "base" element to make the links in it work. That lets the user log into Coinbase, and I was thinking that this would lead to a call to my callback, but that's not happening.

BTW, I'm having to use "urn:ietf:wg:oauth:2.0:oob" as my redirect URI as I'm working from localhost.

How do I move forward here?


Solution

  • You misunderstood the documentation. First, you have to redirect your user to the Coinbase site (replace the parameter values with the ones for your registered app):

    GET https://login.coinbase.com/oauth2/auth?response_type=code&client_id=1532c63424622b6e9c4654e7f97ed40194a1547e114ca1c682f44283f39dfa49&redirect_uri=https%3A%2F%2Fexample.com%2Foauth%2Fcallback&state=134ef5504a94&scope=wallet:user:read,wallet:accounts:read
    

    Then Coinbase will redirect to the value you have given with the parameter redirect_uri (here: https://example.com/oauth/callback). In this redirect you get a code:

    GET https://example.com/oauth/callback?code=4c666b5c0c0d9d3140f2e0776cbe245f3143011d82b7a2c2a590cc7e20b79ae8&state=134ef5504a94
    

    You then use this code to log in:

    curl https://login.coinbase.com/oauth2/token \
      -X POST \
      -d 'grant_type=authorization_code&code=4c666b5c0c0d9d3140f2e0776cbe245f3143011d82b7a2c2a590cc7e20b79ae8&client_id=1532c63424622b6e9c4654e7f97ed40194a1547e114ca1c682f44283f39dfa49&client_secret=3a21f08c585df35c14c0c43b832640b29a3a3a18e5c54d5401f08c87c8be0b20&redirect_uri=https://example.com/oauth/callback'
    

    The response from Coinbase contains the access token that you can use for further requests.
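
The three steps from the answer above in Java, added here as an example that is not part of the original answer: it generates a random `state` for the redirect, checks the returned `state` on the callback before the code is used, and builds the server-side token request. The class and method names and the `YOUR_*` / `CODE_FROM_CALLBACK` placeholders are assumptions; the endpoints and parameter names are the ones shown in the answer.

```java
import java.math.BigInteger;
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.HttpRequest;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;

public class CoinbaseOAuthFlow { // hypothetical class name; needs Java 11+
    static final String AUTH_URL = "https://login.coinbase.com/oauth2/auth";   // from the answer
    static final String TOKEN_URL = "https://login.coinbase.com/oauth2/token"; // from the answer

    // URL-encode alternating key/value pairs into a query string or form body.
    static String form(String... kv) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < kv.length; i += 2)
            sb.append(i == 0 ? "" : "&").append(URLEncoder.encode(kv[i], StandardCharsets.UTF_8))
              .append('=').append(URLEncoder.encode(kv[i + 1], StandardCharsets.UTF_8));
        return sb.toString();
    }
    // Step 1: a fresh 128-bit state per login attempt, stored in the user's session.
    static String newState() {
        return new BigInteger(128, new SecureRandom()).toString(16);
    }
    static URI authorizationUri(String clientId, String redirectUri, String scope, String state) {
        return URI.create(AUTH_URL + "?" + form("response_type", "code", "client_id", clientId,
                "redirect_uri", redirectUri, "state", state, "scope", scope));
    }
    // Step 2: in the callback handler, discard the code unless state matches the session value.
    static boolean stateMatches(String expected, String returned) {
        return expected != null && returned != null && MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8), returned.getBytes(StandardCharsets.UTF_8));
    }
    // Step 3: token exchange, sent from the server so client_secret never reaches the browser.
    static HttpRequest tokenRequest(String code, String clientId, String secret, String redirectUri) {
        String body = form("grant_type", "authorization_code", "code", code, "client_id", clientId,
                "client_secret", secret, "redirect_uri", redirectUri);
        return HttpRequest.newBuilder(URI.create(TOKEN_URL))
                .header("Content-Type", "application/x-www-form-urlencoded")
                .POST(HttpRequest.BodyPublishers.ofString(body)).build();
    }

    public static void main(String[] args) {
        String cb = "https://example.com/oauth/callback"; // values below are constructed placeholders
        String state = newState();
        System.out.println(authorizationUri("YOUR_CLIENT_ID", cb, "wallet:user:read,wallet:accounts:read", state));
        System.out.println(stateMatches(state, state) + " " + stateMatches(state, "mismatched"));
        System.out.println(tokenRequest("CODE_FROM_CALLBACK", "YOUR_CLIENT_ID", "YOUR_SECRET", cb).uri());
    }
}
```

Send the request with `java.net.http.HttpClient` only after `stateMatches` returns true for the value stored in that user's session.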