-2

I've been using Spreadsheets and upwork, as I want to integrate between them.

So I'm trying to make authorization for upwork through spreadsheets, using the documentation steps and everything is going fine. But when i authorize my account i see that the response_type is not a token, it's a code.

 function authorize() {
 return OAuth2.createService('upwork')

      // Set the endpoint URLs, which are the same for all Google services.
      .setAuthorizationBaseUrl('https://www.upwork.com/ab/account-security/oauth2/authorize')
      .setTokenUrl('https://www.upwork.com/ab/account-security/oauth2/token')

      // Set the client ID and secret, from the Google Developers Console.
      .setClientId('cleintID')
      .setClientSecret('clientSecret')
      .setRedirectUri('https://script.google.com/macros/d/{Script-ID}/usercallback') 
 
      .setTokenFormat(OAuth2.TOKEN_FORMAT.FORM_URL_ENCODED)
      
      // Set the name of the callback function in the script referenced
      // above that should be invoked to complete the OAuth flow.
      .setCallbackFunction('authCallback')

      // Set the property store where authorized tokens should be persisted.
      .setPropertyStore(PropertiesService.getUserProperties())
}

So this is my first question, Is there is a way to set the response_type to token, as i am setting in the picture above the clientID,redirectUri... (I tried setResponseType but it doesn't exist)

although working as it's and using response_type=code, after authorization the a request should be returned to the

function as below function authCallback(request) {
  var driveService = authorize();
  Logger.log(request) //this is always null
  var isAuthorized = driveService.handleCallback(request);
  if (isAuthorized) {
    Logger.log('Yaaay')
    return HtmlService.createHtmlOutput('Success! You can close this tab.');
  } else {
    Logger.log('Naaay')
    return HtmlService.createHtmlOutput('Denied. You can close this tab');
  }
}

authorize() is not called ??

Finally below is the whole code i'm using.

function authorize() {
 return OAuth2.createService('upwork')

      // Set the endpoint URLs, which are the same for all Google services.
      .setAuthorizationBaseUrl('https://www.upwork.com/ab/account-security/oauth2/authorize')
      .setTokenUrl('https://www.upwork.com/ab/account-security/oauth2/token')

      // Set the client ID and secret, from the Google Developers Console.
      .setClientId('cleintID')
      .setClientSecret('clientSecret')
      .setRedirectUri('https://script.google.com/macros/d/{Script-ID}/usercallback') 
 
      .setTokenFormat(OAuth2.TOKEN_FORMAT.FORM_URL_ENCODED)
      
      // Set the name of the callback function in the script referenced
      // above that should be invoked to complete the OAuth flow.
      .setCallbackFunction('authCallback')

      // Set the property store where authorized tokens should be persisted.
      .setPropertyStore(PropertiesService.getUserProperties())
}

function redirect() {
  var driveService = authorize();
  if (!driveService.hasAccess()) {
    var authorizationUrl = driveService.getAuthorizationUrl();
    var template = HtmlService.createTemplate(
        '<a href="<?= authorizationUrl ?>" target="_blank">Press here to authroze</a>.');
    template.authorizationUrl = authorizationUrl;
    var page = template.evaluate().setTitle('Authroize');
    SpreadsheetApp.getUi().showSidebar(page);
  }
}

function authCallback(request) {
  var driveService = authorize();
  Logger.log(request)
  var isAuthorized = driveService.handleCallback(request);
  if (isAuthorized) {
    Logger.log('Yaaay')
    return HtmlService.createHtmlOutput('Success! You can close this tab.');
  } else {
    Logger.log('Naaay')
    return HtmlService.createHtmlOutput('Denied. You can close this tab');
  }
}

Update: I found that redirectURI is incorrect format, as google require the URI to be in the form of https://script.google.com/macros/d/{SCRIPT ID}/usercallback, so now the error changes and i got a failure

    Error: Error retrieving token: 404: {"<!DOCTYPE html>\n<html lang":"\"en\">\n<head>\n\n <meta name","":"undefined"," window.performance.mark 

":"undefined"," window.performance.mark(name);\n }\n\n function remove_mark(name) {\n window.performance ":"undefined"," window.performance.clearMarks ":"undefined"," window.performance.clearMarks(name);\n }\n\n function 

create_measure(name, startMark, endMark) {\n window.performance ":"undefined"," window.performance.measure ":"undefined"," window.performance.measure(name, startMark, endMark);\n }\n\n function remove_measure(name) {\n window.performance ":"undefined"," window.performance.clearMeasures ":"undefined"," window.performance.clearMeasures(name);\n }\n</script>\n <link 

rel":"\"stylesheet\" href","amp;site.application":"AccountSecurity","amp;site.version":"ed46c62af44692608c290dd0b498fa933b20c567","amp;site.environment":"prod","amp;server-error.status":"1",

"amp;server-error.label":"404+-+Agate","amp;server-error.traceId":"5c7d08790a6473b1-IAD\" height","l":"'+l:'';j.async","granted_time":1598271686} (line 541, file "Service")
Doom
  • 206
  • 1
  • 4
  • 14
  • With your reputation, you should know that images of code are not acceptable. See [mre] – TheMaster Aug 19 '20 at 20:55
  • 1
    Upwork api is oauth1 and not oauth2 – TheMaster Aug 19 '20 at 21:02
  • @TheMaster i appreciate your comments, but they have produced beta version of oauth2 for upwork, https://developers.upwork.com/?lang=node#authentication-beta_oauth-20 , and i would appreciate if you have example for authentication whether to any of them, as i found struggle in understanding them. – Doom Aug 23 '20 at 14:27
  • [Implicit grant responseType=token](https://github.com/gsuitedevs/apps-script-oauth2#compatibility) is explicitly mentioned as incompatible with the library. *request parameter is always NULL and i can't find out why ??* It'll run only on auth flow- not manually. PS: Avoid pictures of code. Show your code in text. – TheMaster Aug 23 '20 at 16:17
  • @TheMaster It'll run only on auth flow- not manually. would you explain this please. – Doom Aug 23 '20 at 16:42
  • How exactly do you know that the `request` is ``null``? Possibly related: https://stackoverflow.com/a/60526281/ – TheMaster Aug 23 '20 at 16:49
  • on running redirect() , i got the authorization link on pressing on it access code is generated but i don't get the Success! you can close this tab. from authCallback() as it's like not invoked (trial 1) ... another way, when i call authCallback() (which am sure i should not do this) i got an error that request is not defined . – Doom Aug 23 '20 at 16:50
  • i want to return the access code/token (but in this case it's code as you mentioned above access token is not supported) in-order to make this user access upwork data from my side. – Doom Aug 23 '20 at 16:52
  • *case it's code as you mentioned above access token is not supported* No. No. No. `access token` is supported. Implicit grant: https://oauth.net/2/grant-types/implicit/ is not supported(where a step(authorization code=>access token) is skipped). – TheMaster Aug 23 '20 at 16:57
  • *got the authorization link on pressing on it access code is generated but i don't get the Success! you can close this tab.* What do you get then? Do you get "Failure" page? – TheMaster Aug 23 '20 at 16:57
  • I found that the redirect URI was incorrect format, as google require it to be in a specific format in-order to work ... but i got now a failure page after pressing on the authorization link . (i've updated the post above with updated code and the generated error) – Doom Aug 24 '20 at 12:24
  • 404 is Not found. At this point it's no more a apps script error. Double Check clientID, secrets, urls and if user has actually completed auth flow. Contact upwork. See their [troubleshooting **404**](https://developers.upwork.com/?lang=node#authentication-beta_troubleshooting-issues) – TheMaster Aug 24 '20 at 12:31
  • @TheMaster Thanks alot for your help. May i ask you if there's a way that makes me turn a function i've made into an api? something like i'll create function helloWorld() and i want to turn it into api and redirect to it. – Doom Aug 25 '20 at 14:39
  • If it's 404, you aren't getting a token from upwork. There's nothing you can do in apps script side. – TheMaster Aug 26 '20 at 21:18
  • after investigation, i have a question that might be the reason for this :D, the clientID, and clientSecret that are provided are google's ones, or they are related to the API am using in my case it's (upwork) ? – Doom Aug 27 '20 at 15:36
  • Upwork's`````````````````​````````````````` – TheMaster Aug 27 '20 at 15:40
  • uhhh.. i am providing them correctly tho!! I'm trying to find where's is the problem but as you can see it's like nothing :D, (redirectUri, baseURL, tokenURL .. i am providing them according to the documentation, the only things that not in documentation are the client's ID/secret and they are correct) maybe upwork needs a specific scope to be mentioned ? – Doom Aug 27 '20 at 15:44

1 Answers1

0
.setTokenUrl('https://www.upwork.com/ab/account-security/oauth2/token')

According to documentation, tokenurl should be

POST /api/v3/oauth2/token

Use:

.setTokenUrl('https://www.upwork.com/api/v3/oauth2/token')

406 is due to incorrect or no Accept headers. This header is set due to

.setTokenFormat(OAuth2.TOKEN_FORMAT.FORM_URL_ENCODED)

Remove it to use default accept headers:

//.setTokenFormat(OAuth2.TOKEN_FORMAT.FORM_URL_ENCODED)
TheMaster
  • 45,448
  • 6
  • 62
  • 85