0

I have the following parameters that can authenticate me on the api via python

library(reticulate)

import requests
url = 'https://api.checkbox.com/v1/my_account/oauth2/token'
payload = 'username=my_username&password=my_password&grant_type=password'

headers = {'Content-Type': 'application/x-www-form-urlencoded'}

response = requests.request('POST', url, headers = headers, data = payload, allow_redirects=False)
print(response.text)

{"access_token":"my_access_token","token_type":"bearer","expires_in":43199,"user_name":"my_username","roles":"System Administrator,Contact Administrator,Survey Administrator","account_name":"my_account","hosts":"my_account.checkboxonline.com"}

I tried doing the same using httr but getting a 400 error.

username <- "my_username"
password <- "my_psw"
base_url = "https://api.checkbox.com/v1/my_account/oauth2/token"

response <- POST(url=base_url,
                   authenticate(username,password),
                   add_headers("Content-Type"="application/x-www-form-urlencoded"),verbose())

Here is the generated request params:

-> POST /v1/my_account/oauth2/token HTTP/1.1
-> Host: api.checkbox.com
-> Authorization: Basic jumble_hog_wash_of_my_creds
-> User-Agent: libcurl/7.64.1 r-curl/4.1 httr/1.4.1
-> Accept-Encoding: deflate, gzip
-> Accept: application/json, text/xml, application/xml, */*
-> Content-Type: application/x-www-form-urlencoded
-> Content-Length: 0
-> 
<- HTTP/1.1 400 Bad Request
<- Cache-Control: no-cache
<- Pragma: no-cache
<- Content-Type: application/json;charset=UTF-8
<- Expires: -1
<- Server: Microsoft-IIS/10.0
<- X-Powered-By: ASP.NET
<- Date: Fri, 08 Nov 2019 16:08:10 GMT
<- Content-Length: 34
<- 
Response [https://api.checkbox.com/v1/my_account/oauth2/token]
  Date: 2019-11-08 16:08
  Status: 400
  Content-Type: application/json;charset=UTF-8
  Size: 34 B

I am not sure how to pass the &'grant_type=password' with the request. Any ideas?

Shery
  • 1,808
  • 5
  • 27
  • 51

1 Answers1

3

From the API DOC your API is supporting Oauth2 authentication using Resource Owner Password Credentials Grant that uses grant_type = "password".

For Oauth2 API you would usually use httr::oauth2.0_token but currently, httr Oauht2 flow does not support this type of grant.

You would need to do it yourself.

From the doc (I did not try as I don't access to this API), you would need to use a POST with a body containing your parameter.

This should work:

username <- "my_username"
password <- "my_psw"
base_url = "https://api.checkbox.com/v1/my_account/oauth2/token"

response <- POST(url=base_url,
                 # pass data to the POST request
                 body = list(
                   username = username,
                   password = password,
                   grant_type = "password"
                 ),
                 # application/x-www-form-urlencoded
                 encode = "form",
                 verbose())

See that using httpbin.org as example, you get the same header that in your example, with your data pass as form in the POST

username <- "my_username"
password <- "my_psw"

response <- httr::POST(
  # for demo
  url= "https://httpbin.org/post", 
  # pass data to the POST request
  body = list(
    username = username,
    password = password,
    grant_type = "password"
  ),
  # application/x-www-form-urlencoded
  encode = "form")

jsonlite::prettify(httr::content(response, "text"))
#> No encoding supplied: defaulting to UTF-8.
#> {
#>     "args": {
#> 
#>     },
#>     "data": "",
#>     "files": {
#> 
#>     },
#>     "form": {
#>         "grant_type": "password",
#>         "password": "my_psw",
#>         "username": "my_username"
#>     },
#>     "headers": {
#>         "Accept": "application/json, text/xml, application/xml, */*",
#>         "Accept-Encoding": "deflate, gzip",
#>         "Content-Length": "56",
#>         "Content-Type": "application/x-www-form-urlencoded",
#>         "Host": "httpbin.org",
#>         "User-Agent": "libcurl/7.64.1 r-curl/4.2.9000 httr/1.4.1"
#>     },
#>     "json": null,
#>     "origin": "176.158.63.46, 176.158.63.46",
#>     "url": "https://httpbin.org/post"
#> }
#>

Created on 2019-11-08 by the reprex package (v0.3.0)

Hope it helps

Community
  • 1
  • 1
cderv
  • 6,272
  • 1
  • 21
  • 31
  • you're a megician!!! do you know how to then send the `"bearer token"` once authenticated in the subsequent requests such as `POST` or `GET`? – Shery Nov 11 '19 at 09:49
  • nvm I found the answer here: https://stackoverflow.com/questions/44959476/using-oauth2-0-tokens-with-rs-httr-package thank you so much for your help – Shery Nov 11 '19 at 13:49