The SurveyMonkey API (documentation) requires implementation of OAuth to let the user decide which scopes of their account the developer has access to.

I have the following code (adapted from this question) as a means to implement the first two steps in their documentation:

```javascript
const express = require('express');
const querystring = require('querystring');

const app = express();

app.get('/surveymonkey/oauth', function (req, res) {

    const code = req.query.code;

    // Form body meant for the code-for-token exchange (built but never sent below)
    const post_body = querystring.stringify({
        "client_secret": "<client_secret>",
        "redirect_uri": "https://b2e3b137.ngrok.io/surveymonkey/oauth",
        "grant_type": "authorization_code",
        "code": code
    });

    // Request options (built but never used below)
    const options = {
        hostname: 'api.surveymonkey.net',
        port: 443,
        path: '/oauth/authorize?api_key=<api_key>&redirect_uri=https%3A%2F%2Fb2e3b137.ngrok.io%2Fsurveymonkey%2Foauth&response_type=code&client_id=<client_id>',
        method: 'GET',
        headers: {
            'Content-Type': 'application/x-www-form-urlencoded',
            'Content-Length': Buffer.byteLength(post_body)
        }
    };

    // Every request to this route is sent on to the SurveyMonkey authorization page
    res.redirect('https://api.surveymonkey.net/oauth/authorize?api_key=<api_key>&redirect_uri=https%3A%2F%2Fb2e3b137.ngrok.io%2Fsurveymonkey%2Foauth&response_type=code&client_id=<client_id>');

    console.log(req.params);
    console.log(req.body);
    console.log(req.query);

    req.on('error', function(e) {
        console.error(e);
    });

});
```

When I fire up an ngrok server (ngrok http 443), everything is going fine, except when I hit the '/surveymonkey/oauth' route and validate the scopes (acting as the user), I get redirected to the route I specified in my SurveyMonkey App console, which contains the short-lived 'code' param that I'm trying to assign to the user, but I cannot get access to the 'code' param in the query string since it's been redirected to a different site.

The problem I'm currently facing looks similar to this and this, and I'm trying to get meaningful data back from req, but as you can see in the comments above, all of the data is undefined.

Adam Freymiller
  • Why do you have the `res.redirect` right before the console.log? When you go to https://api.surveymonkey.net/oauth/authorize it'll redirect you to "https%3A%2F%2Fb2e3b137.ngrok.io%2Fsurveymonkey%2Foauth" which is the view from your example. Wouldn't that infinite redirect? Or am I misunderstanding the express code? Try removing the redirect and go directly to the SurveyMonkey link from your browser (/oauth/authorize one) and click the "Authorize" button, it should then hit that view you're showing above and see if the console.log has the code. – General Kandalaft Jul 03 '16 at 01:54
  • When I removed the redirect statement, the console.log had the same 'undefined' output as before. Furthermore, how do I programmatically tell users to visit the link within the user flow of being on my site if I don't use the res.redirect function? – Adam Freymiller Jul 03 '16 at 02:23
  • If you just go directly to your site with a param does it show up? `https://b2e3b137.ngrok.io/surveymonkey/oauth?code=test`. Normally you would have a button/link in the front-end of your app with the URL in the UI, on click it'll take them to the OAuth page, on authorization the OAuth host (SurveyMonkey) will send them to your URI (https://b2e3b137.ngrok.io/surveymonkey/oauth) where you take the code and exchange it for a token. – General Kandalaft Jul 03 '16 at 02:28
  • That was my first idea as well, but I didn't think that was a good idea since having the redirected URL in a link would expose my API key and client ID. – Adam Freymiller Jul 03 '16 at 02:31
  • That's fine, your client ID and API key are not secret, you need to keep the client secret private (and any user's access token). That said if you'd prefer to send them to your endpoint where you do the redirect from the server-side to hide that data then that works too, you just need two separate views, one that'll just redirect _to_ SurveyMonkey and another that redirects _from_ SurveyMonkey. Or you can have a URL param such as `do_redirect=true` and if that exists redirect else exchange code for token. Regardless, more importantly you need to be able to read query params – General Kandalaft Jul 03 '16 at 02:39
  • Just a note, when the user gets to the SurveyMonkey OAuth page they'll see all that information anyway in the URL so I would go the easy route and have a link/button. Does going directly to that route with a GET parameter still show nothing? If so there is something we are missing. – General Kandalaft Jul 03 '16 at 02:48
  • Manually going through the link on client-side with all of the proper parameters gets me to the Authorization page, which I then fill out, submit, and get to the ngrok page which has the short-lived code as a param, but this time the GET /surveymonkey/oauth route is not even being hit, and there is subsequently no output – Adam Freymiller Jul 03 '16 at 02:59
  • It might be an ngrok issue. I assume you're using that to forward to your local environment. If you're seeing it hit ngrok with the code then you're most of the way there. I would still verify that hitting /surveymonkey/oauth with a GET request directly yourself with a fake code logs the code. If so then you just need to figure out the ngrok issue and you should be on your way. – General Kandalaft Jul 03 '16 at 03:06
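
The split discussed in the comments above (one request that redirects to SurveyMonkey, one that receives the `code` and exchanges it, selected by a `do_redirect=true` parameter), as an added example that is not part of the original post or comments. The function names and credential values are constructed for illustration, and the `/oauth/token` path is an assumption, since the thread never names the token endpoint.

```javascript
// Added example: not the asker's code. Credential values are constructed;
// TOKEN_PATH is an assumption (the thread never names the token endpoint).
const AUTHORIZE_URL = 'https://api.surveymonkey.net/oauth/authorize';
const REDIRECT_URI = 'https://b2e3b137.ngrok.io/surveymonkey/oauth';
const TOKEN_PATH = '/oauth/token'; // assumed
const config = {
  apiKey: 'EXAMPLE_API_KEY',             // public: shown in the browser URL
  clientId: 'EXAMPLE_CLIENT_ID',         // public: shown in the browser URL
  clientSecret: 'EXAMPLE_CLIENT_SECRET', // private: server-to-server only
};

// Leg 1: URL the browser is sent to. It carries no secret.
function buildAuthorizeUrl(cfg) {
  const params = new URLSearchParams({
    api_key: cfg.apiKey,
    redirect_uri: REDIRECT_URI,
    response_type: 'code',
    client_id: cfg.clientId,
  });
  return `${AUTHORIZE_URL}?${params}`;
}

// Leg 2: form body for the server-side POST that trades the code for a token.
function buildTokenRequestBody(cfg, code) {
  return new URLSearchParams({
    client_secret: cfg.clientSecret,
    redirect_uri: REDIRECT_URI,
    grant_type: 'authorization_code',
    code,
  }).toString();
}

// Decide what GET /surveymonkey/oauth does with one incoming request URL.
function routeOAuthRequest(requestUrl, cfg) {
  const query = new URL(requestUrl, REDIRECT_URI).searchParams;
  if (query.get('do_redirect') === 'true') {
    return { action: 'redirect', location: buildAuthorizeUrl(cfg) };
  }
  const code = query.get('code');
  if (!code) {
    // Neither leg applies: do not bounce the user back into a redirect loop.
    return { action: 'reject', status: 400 };
  }
  return { action: 'exchange', path: TOKEN_PATH, body: buildTokenRequestBody(cfg, code) };
}
```

In an Express handler the returned `action` maps onto `res.redirect(location)`, a 400 response, or a server-side POST of `body`; the client secret appears only in that last case.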

0 Answers