Jump to content

React OAuth Access Token 401 Unauthorized error


OmniTech

Recommended Posts

The handleGetAuthorizationCode() works, I can already get my Authorization code but when trying to get a Access Token, I'm getting 401 Unauthorized error, my code in in the 3rd picture, am I doing it wrong?

1.png

2.png

3.png

Link to comment
Share on other sites

50 minutes ago, Jay Rock said:

Hello, thank you for a question. Please give me a more precise sample of the request.

image.thumb.png.288b2069680ab6b6b9df6ea82f5006cd.png

I censored the url and the client_secret.

curl 'https://api.loyverse.com/oauth/token' \
  -H 'authority: api.loyverse.com' \
  -H 'accept: application/json, text/plain, */*' \
  -H 'accept-language: en-US,en;q=0.9' \
  -H 'content-type: application/x-www-form-urlencoded' \
  -H 'origin: https://**************.com' \
  -H 'referer: https://**************.com/' \
  -H 'sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"' \
  -H 'sec-ch-ua-mobile: ?0' \
  -H 'sec-ch-ua-platform: "Windows"' \
  -H 'sec-fetch-dest: empty' \
  -H 'sec-fetch-mode: cors' \
  -H 'sec-fetch-site: cross-site' \
  -H 'user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36' \
  --data-raw '{"client_id":"jvvDK-U6kQ7fFFfb3-ff","client_secret":"******************************************************************","redirect_uri":"https://**************.com","code":"fLDgmF","grant_type":"authorization_code"}' \
  --compressed

Link to comment
Share on other sites

Looks like you generated a  JSON object instead x-www-form-urlencoded. Please double check.

image.thumb.png.de833e01b1567c071cf841450b7a3d95.png

Edited by Jay Rock
Link to comment
Share on other sites

It worked, I got 200 OK response but now I'm encountering CORS error

47 minutes ago, Jay Rock said:

Looks like you generated a  JSON object instead x-www-form-urlencoded. Please double check.

image.thumb.png.de833e01b1567c071cf841450b7a3d95.png

 

4.png

5.png

Edited by OmniTech
Link to comment
Share on other sites

My site is already running through Nginx but I'm still getting CORS error:

curl 'https://api.loyverse.com/oauth/authorize' \
  -H 'authority: api.loyverse.com' \
  -H 'accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7' \
  -H 'accept-language: en-US,en;q=0.9' \
  -H 'cache-control: max-age=0' \
  -H 'content-type: application/x-www-form-urlencoded' \
  -H 'cookie: _ga=GA1.1.858668138.1695212056; _vwo_uuid=D35989D99F9432AB5B75A9322B8A81E9E; _vwo_ds=3%241695315746%3A42.48334429%3A%3A; intercom-device-id-re5afjv3=67153bb0-dba7-4fc0-bef3-31bb0619ce84; _vwo_uuid_v2=DA1F8919D943D9B0DA11A711700A40703|0385ce800dcb2cc1f3cf4aaf391347b1; _clck=1qi7gzl|2|ffi|0|1358; intercom-session-re5afjv3=cndoN2xYaG9OZDFVZEFncWp6b2xSemdTMEJEdWhqOENOd1ZsVFo4dE5jY011R0RTQTRldFhQR3VGU0pSUGp2aC0tOXdJZlN1RmdzaGtEck8zMFZhaFhmdz09--b5d6991992db5dc53c993680c12b9fff90273fb7; _ga_3KWXPBTJ0S=GS1.1.1696275805.5.1.1696275820.0.0.0; _vis_opt_s=5%7C; _vis_opt_test_cookie=1; JSESSIONID=75751FB14B0680E0574F9B398F4C8BC1; _clsk=6ma08|1696276966636|7|1|s.clarity.ms/collect; AWSALB=piqIgqF+ZXvJywcBFSoOdoWlf0xwI04hnJdZjDfMPmHV+ehZSybAl76GWHWcUPXMj//Ze+zXzheqAQtsMcw0AWEGBeuPdsxryv7ohq7S9rPrDWpC8G2fKkiQBzpG; AWSALBCORS=piqIgqF+ZXvJywcBFSoOdoWlf0xwI04hnJdZjDfMPmHV+ehZSybAl76GWHWcUPXMj//Ze+zXzheqAQtsMcw0AWEGBeuPdsxryv7ohq7S9rPrDWpC8G2fKkiQBzpG; mp_92c6e09f236098fe1dd8f045937cc868_mixpanel=%7B%22distinct_id%22%3A%202508755%2C%22%24device_id%22%3A%20%2218ab8b1528aa01-045b1f89b5cdfd-26031e51-1fa400-18ab8b1528aa01%22%2C%22%24initial_referrer%22%3A%20%22https%3A%2F%2Fdeveloper.loyverse.com%2F%22%2C%22%24initial_referring_domain%22%3A%20%22developer.loyverse.com%22%2C%22%24user_id%22%3A%202508755%2C%22__mps%22%3A%20%7B%7D%2C%22__mpso%22%3A%20%7B%7D%2C%22__mpus%22%3A%20%7B%7D%2C%22__mpa%22%3A%20%7B%7D%2C%22__mpu%22%3A%20%7B%7D%2C%22__mpr%22%3A%20%5B%5D%2C%22__mpap%22%3A%20%5B%5D%7D; _vwo_sn=960077%3A13%3A%3A%3A1; _ga_HQQLJ83BKE=GS1.1.1696275757.6.1.1696277043.60.0.0' \
  -H 'origin: https://loyverse.com' \
  -H 'referer: https://loyverse.com/' \
  -H 'sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"' \
  -H 'sec-ch-ua-mobile: ?0' \
  -H 'sec-ch-ua-platform: "Windows"' \
  -H 'sec-fetch-dest: document' \
  -H 'sec-fetch-mode: navigate' \
  -H 'sec-fetch-site: same-site' \
  -H 'sec-fetch-user: ?1' \
  -H 'upgrade-insecure-requests: 1' \
  -H 'user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36' \
  --data-raw 'app_name=Queue&client_id=jvvDK-U6kQ7fFFfb3-ff&redirect_uri=https%3A%2F%2F****************************.com%2Fhome&response_type=code&scope=RECEIPTS_READ&state=*****************************************************%3D%3D&user_oauth_approval=true' \
  --compressed ;
curl 'https://****************************.com/home?code=QW6wM5&state=*****************************************************%3D%3D' \
  -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7' \
  -H 'Accept-Language: en-US,en;q=0.9' \
  -H 'Cache-Control: max-age=0' \
  -H 'Connection: keep-alive' \
  -H 'Referer: https://loyverse.com/' \
  -H 'Sec-Fetch-Dest: document' \
  -H 'Sec-Fetch-Mode: navigate' \
  -H 'Sec-Fetch-Site: cross-site' \
  -H 'Sec-Fetch-User: ?1' \
  -H 'Upgrade-Insecure-Requests: 1' \
  -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36' \
  -H 'sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"' \
  -H 'sec-ch-ua-mobile: ?0' \
  -H 'sec-ch-ua-platform: "Windows"' \
  --compressed ;
curl 'https://****************************.com/assets/index-8d7007fb.js' \
  -H 'Accept: */*' \
  -H 'Accept-Language: en-US,en;q=0.9' \
  -H 'Connection: keep-alive' \
  -H 'If-Modified-Since: Mon, 02 Oct 2023 20:03:54 GMT' \
  -H 'If-None-Match: "651b222a-4b1da"' \
  -H 'Origin: https://****************************.com' \
  -H 'Referer: https://****************************.com/home?code=QW6wM5&state=*****************************************************%3D%3D' \
  -H 'Sec-Fetch-Dest: script' \
  -H 'Sec-Fetch-Mode: cors' \
  -H 'Sec-Fetch-Site: same-origin' \
  -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36' \
  -H 'sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"' \
  -H 'sec-ch-ua-mobile: ?0' \
  -H 'sec-ch-ua-platform: "Windows"' \
  --compressed ;
curl 'https://****************************.com/assets/index-613a36d1.css' \
  -H 'Accept: text/css,*/*;q=0.1' \
  -H 'Accept-Language: en-US,en;q=0.9' \
  -H 'Connection: keep-alive' \
  -H 'If-Modified-Since: Mon, 02 Oct 2023 20:03:54 GMT' \
  -H 'If-None-Match: "651b222a-22e0"' \
  -H 'Referer: https://****************************.com/home?code=QW6wM5&state=*****************************************************%3D%3D' \
  -H 'Sec-Fetch-Dest: style' \
  -H 'Sec-Fetch-Mode: no-cors' \
  -H 'Sec-Fetch-Site: same-origin' \
  -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36' \
  -H 'sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"' \
  -H 'sec-ch-ua-mobile: ?0' \
  -H 'sec-ch-ua-platform: "Windows"' \
  --compressed ;
curl 'chrome-extension://bkkbcggnhapdmkeljlodobbkopceiche/injectScript.js' \
  -H 'Referer;' \
  -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36' \
  --compressed ;
curl 'https://fonts.googleapis.com/css2?family=Mulish:wght@200;300;400;500;600;700;800;900&display=swa' \
  -H 'sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"' \
  -H 'Referer: https://****************************.com/' \
  -H 'sec-ch-ua-mobile: ?0' \
  -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36' \
  -H 'sec-ch-ua-platform: "Windows"' \
  --compressed ;
curl 'https://api.loyverse.com/v1.0/receipts' \
  -H 'sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"' \
  -H 'Accept: application/json, text/plain, */*' \
  -H 'Referer: https://****************************.com/' \
  -H 'sec-ch-ua-mobile: ?0' \
  -H 'Authorization: Bearer f8466237695047479b21fdfd1369d34b' \
  -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36' \
  -H 'sec-ch-ua-platform: "Windows"' \
  --compressed ;
curl 'https://api.loyverse.com/v1.0/receipts' \
  -X 'OPTIONS' \
  -H 'authority: api.loyverse.com' \
  -H 'accept: */*' \
  -H 'accept-language: en-US,en;q=0.9' \
  -H 'access-control-request-headers: authorization' \
  -H 'access-control-request-method: GET' \
  -H 'origin: https://****************************.com' \
  -H 'referer: https://****************************.com/' \
  -H 'sec-fetch-dest: empty' \
  -H 'sec-fetch-mode: cors' \
  -H 'sec-fetch-site: cross-site' \
  -H 'user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36' \
  --compressed ;
curl $'data:image/svg+xml,%3Csvg width=\'25\' height=\'18\' viewBox=\'0 0 25 18\' fill=\'none\' xmlns=\'http://www.w3.org/2000/svg\'%3E%3Cpath d=\'M19.4127 6.4904C18.6984 6.26581 18.3295 6.34153 17.5802 6.25965C16.4219 6.13331 15.9604 5.68062 15.7646 4.51554C15.6551 3.86516 15.7844 2.9129 15.5048 2.32334C14.9699 1.19921 13.7183 0.695046 12.461 0.982805C11.3994 1.22611 10.516 2.28708 10.4671 3.37612C10.4112 4.61957 11.1197 5.68054 12.3363 6.04667C12.9143 6.22097 13.5284 6.3087 14.132 6.35315C15.2391 6.43386 15.3241 7.04923 15.6236 7.55574C15.8124 7.87508 15.9954 8.18975 15.9954 9.14193C15.9954 10.0941 15.8112 10.4088 15.6236 10.7281C15.3241 11.2334 14.9547 11.5645 13.8477 11.6464C13.244 11.6908 12.6288 11.7786 12.0519 11.9528C10.8353 12.3201 10.1268 13.3799 10.1828 14.6234C10.2317 15.7124 11.115 16.7734 12.1766 17.0167C13.434 17.3056 14.6855 16.8003 15.2204 15.6762C15.5013 15.0866 15.6551 14.4187 15.7646 13.7683C15.9616 12.6032 16.423 12.1505 17.5802 12.0242C18.3295 11.9423 19.1049 12.0242 19.8071 11.6253C20.5491 11.0832 21.212 10.2696 21.212 9.14192C21.212 8.01428 20.4976 6.83197 19.4127 6.4904Z\' fill=\'%23F44250\'/%3E%3Cpath d=\'M7.59953 11.7459C6.12615 11.7459 4.92432 10.5547 4.92432 9.09441C4.92432 7.63407 6.12615 6.44287 7.59953 6.44287C9.0729 6.44287 10.2747 7.63407 10.2747 9.09441C10.2747 10.5536 9.07172 11.7459 7.59953 11.7459Z\' fill=\'black\'/%3E%3Cpath d=\'M2.64217 17.0965C1.18419 17.093 -0.0034949 15.8971 7.72743e-06 14.4356C0.00352588 12.9765 1.1994 11.7888 2.66089 11.7935C4.12004 11.797 5.30772 12.9929 5.30306 14.4544C5.29953 15.9123 4.10366 17.1 2.64217 17.0965Z\' fill=\'black\'/%3E%3Cpath d=\'M22.3677 17.0965C20.9051 17.1046 19.7046 15.9217 19.6963 14.4649C19.6882 13.0023 20.8712 11.8017 22.3279 11.7935C23.7906 11.7854 24.9911 12.9683 24.9993 14.4251C25.0075 15.8866 23.8245 17.0883 22.3677 17.0965Z\' fill=\'black\'/%3E%3C/svg%3E%0A' \
  -H 'Referer;' \
  -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36' \
  --compressed ;
curl $'data:image/svg+xml,%3Csvg xmlns=\'http://www.w3.org/2000/svg\' class=\'h-6 w-6\' fill=\'none\' viewBox=\'0 0 24 24\' stroke=\'%23999\' stroke-width=\'2\'%3E%3Cpath stroke-linecap=\'round\' stroke-linejoin=\'round\' d=\'M21 21l-6-6m2-5a7 7 0 11-14 0 7 7 0 0114 0z\' /%3E%3C/svg%3E' \
  -H 'Referer;' \
  -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36' \
  --compressed ;
curl 'https://api.loyverse.com/oauth/token' \
  -H 'authority: api.loyverse.com' \
  -H 'accept: application/json, text/plain, */*' \
  -H 'accept-language: en-US,en;q=0.9' \
  -H 'content-type: application/x-www-form-urlencoded' \
  -H 'origin: https://****************************.com' \
  -H 'referer: https://****************************.com/' \
  -H 'sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"' \
  -H 'sec-ch-ua-mobile: ?0' \
  -H 'sec-ch-ua-platform: "Windows"' \
  -H 'sec-fetch-dest: empty' \
  -H 'sec-fetch-mode: cors' \
  -H 'sec-fetch-site: cross-site' \
  -H 'user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36' \
  --data-raw 'client_id=jvvDK-U6kQ7fFFfb3-ff&client_secret=*****************************************************%3D%3D&redirect_uri=https%3A%2F%2F****************************.com%2Fhome&code=QW6wM5&grant_type=authorization_code' \
  --compressed ;
curl 'https://api.loyverse.com/v1.0/receipts' \
  -H 'sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"' \
  -H 'Accept: application/json, text/plain, */*' \
  -H 'Referer: https://****************************.com/' \
  -H 'sec-ch-ua-mobile: ?0' \
  -H 'Authorization: Bearer f8466237695047479b21fdfd1369d34b' \
  -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36' \
  -H 'sec-ch-ua-platform: "Windows"' \
  --compressed ;
curl 'https://api.loyverse.com/v1.0/receipts' \
  -X 'OPTIONS' \
  -H 'authority: api.loyverse.com' \
  -H 'accept: */*' \
  -H 'accept-language: en-US,en;q=0.9' \
  -H 'access-control-request-headers: authorization' \
  -H 'access-control-request-method: GET' \
  -H 'origin: https://****************************.com' \
  -H 'referer: https://****************************.com/' \
  -H 'sec-fetch-dest: empty' \
  -H 'sec-fetch-mode: cors' \
  -H 'sec-fetch-site: cross-site' \
  -H 'user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36' \
  --compressed ;
curl 'https://api.loyverse.com/v1.0/receipts' \
  -H 'sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"' \
  -H 'Accept: application/json, text/plain, */*' \
  -H 'Referer: https://****************************.com/' \
  -H 'sec-ch-ua-mobile: ?0' \
  -H 'Authorization: Bearer f8466237695047479b21fdfd1369d34b' \
  -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36' \
  -H 'sec-ch-ua-platform: "Windows"' \
  --compressed ;
curl 'https://api.loyverse.com/v1.0/receipts' \
  -X 'OPTIONS' \
  -H 'authority: api.loyverse.com' \
  -H 'accept: */*' \
  -H 'accept-language: en-US,en;q=0.9' \
  -H 'access-control-request-headers: authorization' \
  -H 'access-control-request-method: GET' \
  -H 'origin: https://****************************.com' \
  -H 'referer: https://****************************.com/' \
  -H 'sec-fetch-dest: empty' \
  -H 'sec-fetch-mode: cors' \
  -H 'sec-fetch-site: cross-site' \
  -H 'user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36' \
  --compressed

Edited by OmniTech
Link to comment
Share on other sites

This one looks like works.

GET https://api.loyverse.com/v1.0/receipts sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: application/json, text/plain, */* Referer: https://****************************.com/ sec-ch-ua-mobile: ?0 Authorization: Bearer ************************************ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows"

 

Request with method OPTIONS returns an invalid token error.

OPTIONS https://api.loyverse.com/v1.0/receipts authority: api.loyverse.com accept: */* accept-language: en-US,en;q=0.9 access-control-request-headers: authorization access-control-request-method: GET origin: https://****************************.com referer: https://****************************.com/ sec-fetch-dest: empty sec-fetch-mode: cors sec-fetch-site: cross-site user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36

 

If you read about the OPTIONS method it's a pre-flight request from the browser. Without a proper response from the OPTIONS request, the browser won't send the main request with the GET method like/ receipts.

 

Hopefully, we will fix this issue in the near future.

We recommend avoiding sending pre-flight requests, or waiting until pre-flight requests will be fixed.

Edited by Jay Rock
Link to comment
Share on other sites

Loyverse Point of Sale

 

 

 

 

×
×
  • Create New...