invalid_grant when trying to convert a JS access code for an access_token
willsmanley opened this issue · comments
This isn't necessarily an issue with the library. Perhaps I am doing something wrong.
I use Pinterest's javascript SDK to authenticate a user, returning an access code successfully:
loadPinterestApi(){
const script = document.createElement("script");
script.async = true;
script.defer = true;
script.src = 'https://assets.pinterest.com/sdk/sdk.js';
script.onload = () => console.log('loaded pinterest sdk');
document.body.appendChild(script);
}
initPinterestClient(){
PDK.init({
appId: "xxxxxxxxxxxxxxx",
cookie: true,
});
PDK.login({ scope : 'read_public' }, function(response){
console.log('response', response);
// then i send the access code to my server
});
Once the access code arrives in my Pinterest controller, I do the suggested steps to swap the access code for an authentication token:
$access_token = "xxxxxxxxx"; // from web client
$pinterest = new Pinterest(config('env.PINTEREST_APP_ID'), config('env.PINTEREST_API_SECRET'));
$token = $pinterest->auth->getOAuthToken($access_token);
However this throws an exception:
DirkGroenen\Pinterest\Exceptions\PinterestException : Pinterest error (code: 401) with message: invalid_grant
I have made sure that the Pinterest account authenticating my app is listed as a collaborator for the app. I have also tried this flow as the developer account.
To be clear, my app is a "v1" app for which they say they are deprecating these endpoints (soon?). Am I supposed to be using the new beta API with this library? If not, why would I be getting an invalid grant?
On the other hand when I use the PHP/http method of creating an authentication URL:
$pinterest = new Pinterest(config('env.PINTEREST_APP_ID'), config('env.PINTEREST_API_SECRET'));
$loginurl = $pinterest->auth->getLoginUrl($url, array('read_public'));
I get this response:
{"status": "failure", "code": 12, "data": "path: /oauth/\nparams:<dict_itemiterator object at 0x7f7d75ce87d0>\nAuthError(code=500, message='dial tcp 127.0.0.1:22000: connect: connection refused')", "message": "Something went wrong on our end. Sorry about that.", "endpoint_name": "oauth_connect"}
I'm not sure if it's actually possible to convert a token generated by the JS SDK, so that might explain the invalid_grant error your receiving.
On the other hand the 'server-side method' as described in the README should work so I'm wondering why you're getting an error.
Can you share your code, or at least part of it, so I can try to reproduce it? For what it's worth now I would suggest to check if your API codes and URL are coming through correctly.
Good point - I assumed you could use a JS-generated token with the server-side API since Facebook/Instagram and Google/YouTube both support it.
Let me try again with server-side only code and hopefully that is the issue.
Yes just tried it with the server-side only code and it works fine now. Too bad they don't support JS -> server because that is really useful for sites that rely heavily on React or Angular.
For anyone else coming across this issue, a good way to implement the server-side logic into an SPA is to create a controlled popout window like react-popout
and capture the query parameters upon closure.
Thanks for your help @dirkgroenen !!
Appreciate your confirmation @willsmanley.
@dirkgroenen - Do you happen to know what the deal is with their V1 API deprecation? I can't seem to find anything on their sunset timelines or V2 documentation...
I do not unfortunately. I've applied for their V2 program to get some more info around it, but no luck so far.
@dirkgroenen Sorry to ask another question on a closed issue, but do you recall as to how long it took them to approve your V1 app? I am still waiting for mine - probably a covid delay
Back when I used the Pinterest API for the last time (years ago) an app didn't require any approval, so I'm afraid I can't help you with that one @willsmanley.