Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Webhook OAuth - How do I exchange a webhook authorization code for an access token?

Tags:

I'm trying to use the oauth approach of adding webhooks to channels within Discord. The workflow is that a user authenticates with my application using OAuth. Then I redirect them to:

ApiClient::API_URL.'/oauth2/authorize?client_id='.Discord::appKey().'&scope=webhook.incoming&redirect_uri='.urlencode($webhookCallback->callbackUrl()).'&response_type=code');

The redirect URL works because it does allow the OAuth'd user to choose a server/channel.

When you exchange the authorization code for an access token, the token response will contain the webhook object:

I'm using the following request to try to convert the authorization code into an access token with no luck:

    $client = new Client();
    $response = $client->post('https://discordapp.com/api/oauth2/token', [
        'headers' => [
            'Accept' => 'application/json'
        ],
        'form_params' => [
            'grant_type' => 'authorization_code',
            'client_id' => env('DISCORD_APP_KEY'),
            'client_secret' => env('DISCORD_APP_SECRET'),
            'redirect_uri' => url('/discord/webhook-authorized'),
            'code' => $request->get('code')
        ],
    ]);

The response I get from the API is:

Client error: `POST https://discordapp.com/api/oauth2/token` resulted in a `401 UNAUTHORIZED` response:
{"error": "access_denied"}

What grant type do I need to complete this request?

like image 364
Webnet Avatar asked Jun 10 '17 20:06

Webnet


People also ask

What can you do with a webhook token?

Webhook Tokens are unique authentication keys specific to a user. They are used to authenticate incoming webhook calls to any Cliq platform component. Each user can generate a maximum of 5 Webhook Tokens. The webhooks API allows your Cliq platform component to subscribe to events from other third-party applications.

How can I get access token authorization code?

The authorization code grant is used when an application exchanges an authorization code for an access token. After the user returns to the application via the redirect URL, the application will get the authorization code from the URL and use it to request an access token.

How do I get webhook token?

You can obtain the webhook id by looking at its link, the number after https://discord.com/api/webhooks/ is the id , and the part after that is the token .


1 Answers

'grant_type' => 'authorization_code',

needed to be

'grant_type' => 'client_credentials',

like image 60
Webnet Avatar answered Oct 11 '22 17:10

Webnet