Need help with OAuth authentication flow
Hi,

I registered a new app at https://www.lfs.net/account/api but I'm always getting `invalid_client` when trying to authenticate.

I tried with Postman, a python script and a php script. All three methods fail, so I'm guessing the app is not properly registered despite showing up as registered on the website?

Here's the python script I used:

```python
from rauth import OAuth2Service
import json

client_id = ""
client_secret = ""
accessTokenUrl = "https://id.lfs.net/oauth2/access_token"
baseUrl = "https://id.lfs.net/"

service = OAuth2Service(
    name="generatecardata",
    client_id=client_id,
    client_secret=client_secret,
    access_token_url=accessTokenUrl,
    authorize_url=accessTokenUrl,
    base_url=baseUrl,
)

data = {
    'grant_type': 'client_credentials',
}

session = service.get_auth_session(data=data, decoder=json.loads)
access_token = session.access_token
print(access_token)
```

And here's the php code I also tried from another forum post:


```php
<?php

echo nl2br("Hello World\n");

// Request a Bearer token by using the client_credentials grant type.
// This requires client_id and client_secret.
// One can simply fetch that by POSTing those values. See below for example.

$accessTokenUrl = 'https://id.lfs.net/oauth2/access_token';
$accessTokenPost = [
    'grant_type' => 'client_credentials',
    'client_id' => '',
    'client_secret' => '',
];

$context = stream_context_create([
    'http' => [
        'method' => 'POST',
        'header' => 'Content-Type: application/x-www-form-urlencoded',
        'content' => http_build_query($accessTokenPost),
        'ignore_errors' => true,
    ]
]);
$result = file_get_contents($accessTokenUrl, false, $context);
if ($result)
{
    $json = json_decode($result);
    print_r($json);
}
else
{
    var_dump($http_response_header);
    var_dump($result);
}
```

Any help appreciated
#2 - Racon
I've compared it (the PHP version) to code that I've got in use and you're not missing anything that I can see. I'm using cURL with a follow option rather than file_get_contents... maybe there's a redirect in there somewhere?

```php
$accessTokenPost = array(
    'grant_type' => 'client_credentials',
    'client_id' => LFS_OAUTH_CLIENTID,
    'client_secret' => LFS_OAUTH_CLIENTSECRET);
$ch = curl_init(LFS_OAUTH_TOKEN_URL);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/x-www-form-urlencoded'));
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($accessTokenPost));
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$result = curl_exec($ch);
curl_close($ch);
if (!$result)
{
    if ($debug)
    {
        echo 'failed to get token '.LFS_OAUTH_TOKEN_URL.' ';
        var_dump($result);
        // $http_response_header is only populated by the HTTP stream wrapper
        // (e.g. file_get_contents), not by cURL.
        var_dump($http_response_header);
    }
    exit();
}
$json = json_decode($result);
$bearerToken = $json->access_token;
```

Quote from Racon :I've compared it (the PHP version) to code that I've got in use and you're not...

Thanks, I tried that curl code and same thing. Must be an issue with how apps are registered then.
#4 - gu3st
Just throwing a random thought out there, but could your server/local be being blocked by Cloudflare?
Quote from gu3st :Just throwing a random thought out there but could your server/local be being...

I tried with/without VPN and it's the same response with status code 200.
Quote from Bass-Driver :which URL did you enter at redirect URL?
Because if you enter the wrong link, the authentication won't work.

Example:
https://www.lfs.net/forum/post/1998671#post1998671

Thanks!! That was it.

I had left it blank because the registration page says:
Quote :Redirect URIs are needed only for the Authorization Code flow. This means that if you use the Client Credentials flow, a Redirect URI is not required

But it is in fact needed.
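For readers debugging the same `invalid_client` response, here is an added example (not code from any poster in this thread or from LFS) that requests a token with the client credentials grant and decides success from the JSON body rather than the HTTP status, since the same response was reported above with status code 200. The function and class names are hypothetical, and it assumes the endpoint answers with the `error` / `error_description` fields of RFC 6749 section 5.2.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

TOKEN_URL = "https://id.lfs.net/oauth2/access_token"  # endpoint quoted in the thread


class OAuthError(Exception):  # RFC 6749 section 5.2 error object (assumed format)
    def __init__(self, code, description=""):
        super().__init__(f"{code}: {description}" if description else code)
        self.code = code


def build_token_request(client_id, client_secret):
    """Form-encoded POST for the client_credentials grant."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode()
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return urllib.request.Request(TOKEN_URL, data=body, headers=headers, method="POST")


def parse_token_response(raw):
    """Return the access token or raise OAuthError, judging by the JSON body
    rather than the HTTP status, so an error sent with a 200 still fails."""
    try:
        doc = json.loads(raw)
    except ValueError:
        raise OAuthError("non_json_response", "got HTML or a proxy page?") from None
    if not isinstance(doc, dict):
        raise OAuthError("unexpected_response")
    if "error" in doc:
        raise OAuthError(str(doc["error"]), str(doc.get("error_description", "")))
    if not doc.get("access_token"):
        raise OAuthError("missing_access_token")
    return doc["access_token"]


def fetch_token(client_id, client_secret):
    """Send the request; 4xx error bodies are parsed like any other body."""
    try:
        with urllib.request.urlopen(build_token_request(client_id, client_secret), timeout=10) as resp:
            raw = resp.read()
    except urllib.error.HTTPError as err:
        raw = err.read()
    return parse_token_response(raw)
```

An `OAuthError` with code `invalid_client` from `fetch_token` means the server rejected the client itself; in this thread the cause was the blank Redirect URI in the app registration, not the request code.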
