1

So I am building a simple project, where I am trying to hit the Battle.net API and recieve a token.

I've already created a client on their platform and got a secret and password.

When I am trying to make a request with the build in Http facade included in Laravel 7, i get unauthorized, no matter what.

I am using their documentation to hit the client grant enpoint: https://develop.battle.net/documentation/guides/using-oauth

I've tried hitting it with the same headers and content in Insomnia, and inside that software it works.

The code I am using is the following:

public function index()
{
    $key = env('BATTLE.NET_KEY');
    $secret = env('BATTLE.NET_SECRET');

    $response = Http::withHeaders([
            'Authorization' => "Basic {$key}{$secret}",
            'Content-Type' => 'multipart/form-data',
        ])->post('http://eu.battle.net/oauth/token', ['grant_type' => 'client_credentials']);

    return dd($response);
}

What am I doing wrong? I must be missing something important. It's supposed to be simple. I've tried to wrap it in an associative array beginning with [form_params =>] but that didn't work neither. Also tried other content types to see if that worked but to no avail.

Nefiron
  • 31
  • 4
  • Your connection is posting using http rather than `https`, if you're sending secrets and keys you pretty much MUST use https, and I wouldn't be surprised if battle.net is rejecting your connection purely because it's insecure. – Martin Apr 03 '20 at 15:56
  • Plus does [this Q&A](https://stackoverflow.com/questions/30970736/how-do-i-do-http-basic-authentication-using-guzzle) help? – Martin Apr 03 '20 at 16:03
  • I tried using the basic auth function of the Http Wrapper. (Which is a wrapper around guzzle.) also switched to https. However the documentation specifies that you should be able to hit it with http. I am getting a 500 response back with no explaination. – Nefiron Apr 03 '20 at 17:10
  • Well, regardless of your issue, you should still be using https over http `;-)` – Martin Apr 03 '20 at 18:38
  • I did that. Thanks. :D It worked now when I switched to guzzle directly. It might be that Laravel Http is setting some headers that it dosen't like. – Nefiron Apr 10 '20 at 10:32

1 Answers1

0

It seems like you have mixed up the key and the secret.

$key = env('BATTLE.NET_SECRET'); // should be key
$secret = env('BATTLE.NET_KEY'); // should be secret

I think the construction of the Authorization header is off, guzzle has a option for it, try with that.

Http::withOptions([
    'auth' => [
        $key,
        $secret,
    ]
])->withHeaders([
        'Content-Type' => 'multipart/form-data',
    ])->post('http://eu.battle.net/oauth/token', ['grant_type' => 'client_credentials']);
Martin
  • 22,212
  • 11
  • 70
  • 132
mrhn
  • 17,961
  • 4
  • 27
  • 46