Documentation not clear about usage of sdk.authorize() method #53

Open
joepio opened this issue Mar 29, 2021 · 2 comments

joepio commented Mar 29, 2021

I'm trying to set up an app using the SDK, but I can't get my client to authorise.

Here's the relevant part of the docs that I fail to understand:

Screenshot 2021-03-29 at 20 53 26

My question boils down to this: what do I put in the code argument?

This is my code:

    const sdk = new SDK({
      baseUrl: 'http://api-sandbox.uphold.com',
      clientId: this.configService.get<string>('UPHOLD_CLIENT_ID'),
      clientSecret: this.configService.get<string>('UPHOLD_CLIENT_SECRET'),
    });
    this.sdk = sdk;

    sdk
      // What do I insert here?
      .authorize('code')
      .then(() => sdk.getMe())
      .then((user) => {
        console.log('sdk', user);
      });

And the error that I get:


Unhandled rejection UnauthorizedError: unauthorized
    at createError (/Users/joep/dev/src/gitlab.com/ontola/cash-link/node_modules/@uphold/uphold-sdk-javascript/dist/core/utils/error-factory.js:20:14)
    at /Users/joep/dev/src/gitlab.com/ontola/cash-link/node_modules/@uphold/uphold-sdk-javascript/dist/node/services/request-client.js:31:167
    at tryCatcher (/Users/joep/dev/src/gitlab.com/ontola/cash-link/node_modules/bluebird/js/release/util.js:16:23)
    at Promise._settlePromiseFromHandler (/Users/joep/dev/src/gitlab.com/ontola/cash-link/node_modules/bluebird/js/release/promise.js:547:31)
    at Promise._settlePromise (/Users/joep/dev/src/gitlab.com/ontola/cash-link/node_modules/bluebird/js/release/promise.js:604:18)
    at Promise._settlePromise0 (/Users/joep/dev/src/gitlab.com/ontola/cash-link/node_modules/bluebird/js/release/promise.js:649:10)
    at Promise._settlePromises (/Users/joep/dev/src/gitlab.com/ontola/cash-link/node_modules/bluebird/js/release/promise.js:725:18)
    at _drainQueueStep (/Users/joep/dev/src/gitlab.com/ontola/cash-link/node_modules/bluebird/js/release/async.js:93:12)
    at _drainQueue (/Users/joep/dev/src/gitlab.com/ontola/cash-link/node_modules/bluebird/js/release/async.js:86:9)
    at Async._drainQueues (/Users/joep/dev/src/gitlab.com/ontola/cash-link/node_modules/bluebird/js/release/async.js:102:5)
    at Immediate.Async.drainQueues (/Users/joep/dev/src/gitlab.com/ontola/cash-link/node_modules/bluebird/js/release/async.js:15:14)
    at processImmediate (node:internal/timers:463:21)

Suggestions

Maybe I'm just missing something trivial, or this step is actually very simple and I'm just lacking some basic knowledge, but otherwise:

  • Return a more useful error than Unhandled rejection UnauthorizedError: unauthorized
  • Change the example in the docs and the description field for the code parameter which currently says Authorization code

Versions

Node v15.3.0, SDK 2.4.0

@waldyrious

Hi @joepio — thanks for raising the issue. Indeed the documentation could be clarified. However, it seems to me that what's amiss here is background about the OAuth authorization code flow, which is not specific to this SDK. Please take a look at https://oauth.net/2/grant-types/authorization-code/ — the resources linked at the bottom of that page, in particular, offer a step-by-step overview of how it works.

As described in those pages, the authorization code needs to be obtained via a manual process that can't be automated in code — which is a security feature: it ensures the user is shown a permissions screen to agree to, just like when you use your Google credentials to register a new account on a third-party website.

Please check our API documentation which explains how this process works in Uphold (note that it doesn't provide in-depth documentation about how OAuth works in general). You may also find it useful to check our runnable sample code for this flow.

Let me know if that helps!
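
The flow described in the reply above, shown as an added example that is not part of the original thread or the SDK's own code: the app sends the user to the provider's consent screen with a random `state`, then validates the redirect before handing the returned `code` to `sdk.authorize(code)`. The endpoint, redirect URI and helper names are hypothetical placeholders; only `sdk.authorize()` comes from the issue.

```javascript
const nodeCrypto = require('node:crypto');

// Assumption: placeholder values. Take the real authorization endpoint and the
// registered redirect URI from the provider's API documentation.
const AUTHORIZE_ENDPOINT = 'https://auth.example.test/authorize';
const REDIRECT_URI = 'https://app.example.test/callback';

// Step 1: build the URL the user's browser is redirected to. `state` is a
// random single-use value that ties the later callback to this session.
function buildAuthorizationRequest(clientId, scope) {
  const state = nodeCrypto.randomBytes(32).toString('hex');
  const url = new URL(AUTHORIZE_ENDPOINT);
  url.search = new URLSearchParams({
    response_type: 'code',
    client_id: clientId,
    redirect_uri: REDIRECT_URI,
    scope,
    state,
  }).toString();
  // Keep `state` in the server-side session; never derive it from the request.
  return { url: url.toString(), state };
}

// Step 2: once the user approves, the provider redirects to REDIRECT_URI with
// ?code=...&state=... ; check the callback before trusting the code.
function extractAuthorizationCode(callbackUrl, expectedState) {
  const params = new URL(callbackUrl).searchParams;
  if (params.has('error')) {
    throw new Error(`authorization denied: ${params.get('error')}`);
  }
  const got = Buffer.from(params.get('state') || '');
  const want = Buffer.from(expectedState);
  if (got.length !== want.length || !nodeCrypto.timingSafeEqual(got, want)) {
    throw new Error('state mismatch: callback does not belong to this session');
  }
  const code = params.get('code');
  if (!code) throw new Error('callback carries no authorization code');
  // Step 3: this short-lived value is what goes into sdk.authorize(code).
  return code;
}
```

The client secret is only used server-side in the exchange that `sdk.authorize(code)` performs; it never appears in the browser redirect built in step 1.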


joepio commented Apr 16, 2021

Thanks for the help, @waldyrious !

I'm a bit confused about using the Authorization flow, as I understood that (as a business API user) I should use the Client-Credentials flow over the Web Application flow. I've succeeded in getting a token using the Client-Credentials flow, but I don't know how to deal with the Authorization flow.

Can I use the obtained token in the SDK? The .setToken() method seems to require a refresh_token, too, which I didn't get using the Client-Credentials flow.

It seems to me that the SDK is primarily designed for the Web Application flow, and not for the Client Credentials flow. Is that correct?
