0

This code works

I surf I got the code by surfing https://app.stex.com/oauth/authorize?response_type=code&client_id=144&scope=trade profile then I got a code.

I put the code on my program

  Dim code = "def50200354606432acfb60c836ac40ff440dc2755164756cd7e34ddcf9cd4db8df87cabe71bf5e5c5c278c18c81b0415ba47da34f83ddaab0a84696e1722e266aec2e7942ed86e40e65b0dcf7428aad2747920de6cf8585ce281214f2ecc7353e807640320ca263013387ea0b2d466e2cc31b46c2a2e7b1dd33cdc518efa20b76b752734174f2b500450ed1ccb434611b0bdc458fcfed69a2ab2a5f91242f1f68c504d3151048c49eaf976eff6bbb922dac1acbba069fc8b57fd74069eeadf24c067edf4563aa5ad14b0d9740f1518723ba1c5637164e5e3c4d408102f49c0f63d8f3f5dfbfe11132d242a182e4af3449e811292d1ac69aadf74608a5383b9c4030de3579c98b07c4f087752f7e404f4897d8167b3d8ad266bdb42f74b539cc3fef6ce774edd35d305e655e984028614e50afe760acc754de70986dc7651ac760d5817c665ef1238d0811190763dbfd65993408d12dcf7926be6c71afb5d8a10528c174647934bdd1e4fcf1f4a800b8a74a7ae93bf60b02c602900a981bdb75e9de2b17f359ee"

Then I do

    Dim token2 = CookieAwareWebClient.downloadString1("https://api3.stex.com/oauth/token", "grant_type=authorization_code&code=" + code + "&client_id=" + _apiKey1 + "&client_secret=" + _secret1 + "&redirect_uri=https://apidocs.stex.com/oauth2-redirect.html", {})

    Dim jtoken1 = JToken.Parse(token2)
    Dim refreshtoken = jtoken1.Item("refresh_token").ToString

And it works.

However, this code doesn't work

Dim token2 = CookieAwareWebClient.downloadString1("https://api3.stex.com/oauth/token", "grant_type=authorization_code&code=" + code + "&client_id=" + _apiKey1 + "&client_secret=" + _secret1, {})

    Dim jtoken1 = JToken.Parse(token2)
    Dim refreshtoken = jtoken1.Item("refresh_token").ToString

The only difference is that in the first code I added + "&redirect_uri=https://apidocs.stex.com/oauth2-redirect.html"

Basically, I am creating a stex api.

My client has only one redirect URL. So why do I have to specify that redirect URL, that is not used anymore, and the server know anyway, to the https://api3.stex.com/oauth/token url?

I think I read the RFC

4.1.3. Access Token Request

The client makes a request to the token endpoint by sending the following parameters using the "application/x-www-form-urlencoded" format per Appendix B with a character encoding of UTF-8 in the HTTP request entity-body:

[...]

redirect_uri

REQUIRED, if the "redirect_uri" parameter was included in the authorization request as described in Section 4.1.1, and their values MUST be identical.

It says that the redirect_URI is required if the parameter was included.

I didn't include the parameter when I request authorization code.

user4951
  • 32,206
  • 53
  • 172
  • 282
  • 1
    Duplicate: https://stackoverflow.com/questions/54717704/purpose-of-redirect-uri-parameter-when-exchanging-code-for-access-token/54769098#54769098 – andrija Mar 25 '19 at 09:51
  • Possible duplicate of [Purpose of redirect\_uri parameter when exchanging code for access token](https://stackoverflow.com/questions/54717704/purpose-of-redirect-uri-parameter-when-exchanging-code-for-access-token) – Gab Mar 25 '19 at 09:55
  • not quite. I do not specify redirect_uri when I requested authorization. Why should I include it when I get access token? – user4951 Mar 25 '19 at 10:41

0 Answers0