2

I am confused about utl_http and oauth authentication with shopware 6. I undestand I have to obtain a token, which has to be used in futher requests. With all efforts I am getting the answer: "The authorization grant type is not supported by the authorization server".

There is tons of info on this issue but very little with utl_http - so i wonder if utl_http is comaptible with shopware anyway. Does anybody have a hint for me? thanks in advance!

  l_req   UTL_HTTP.req;
  l_resp  UTL_HTTP.resp;
  l_text  VARCHAR2(32767);

  begin
    -- setting the Wallet works - ACL is also set up properly! 
    utl_http.set_wallet('[wallet_file]','[wallet_pwaasword]');

    l_req  := UTL_HTTP.begin_request([my-shopware-url.de]/api/oauth/token], 'POST', 'HTTP/1.1');

    utl_http.set_header(l_req, 'content-type', 'application/json'); 
    utl_http.set_header(l_req, 'Accept', 'application/json'); 
    utl_http.write_text(l_req,'{
                                "grant_type": "client_credentials",
                                "client_id": "[my-client-id]",
                                "client_secret": "[my-client-secret]"
                               }');

    l_resp := utl_http.get_response(l_req);

    utl_http.read_text(l_resp, l_text, 32766);
    DBMS_OUTPUT.put_line (l_text); -- "The authorization grant type is not supported by the authorization server".

    -- once the token is obtained, I would set the token in the header for the next request
    utl_http.set_header(l_req, 'sw-access-key', [TOKEN]); 
    utl_http.write_text(l_req,'[REQUEST-BODY]');
    l_resp := utl_http.get_response(l_req);

   utl_http.end_response(l_resp);
 end;
feddoh
  • 31
  • 7

2 Answers2

2

I have no idea about Oracle, but more about Shopware :-)

Which exact Shopware version or you on? I would suggest to first test with the curl command below to see if the request works, if it does, something in the construction of the request by Oracle is causing the problem.

  1. Please create an integration and obtained client_id (access key ID in the screenshot) and client_secret (via Settings -> System -> Integration). Your normal admin panel user and password is not to be used here. And would cause the described error message

Create integration

  1. this command returns a token

     curl 'https://shopware-url.example.com/api/oauth/token'  -H 'Accept: application/json'  -H 'Content-Type: application/json'   --data '{
     "grant_type": "client_credentials",
     "client_id": "SWxxxxxxxxxxxxxxxxxxxx",
     "client_secret": "xxxxxxxxxxxxxxxxxxxxxxxx"
   }'

I believe your client_id would also start with "SW".

If this is not working, something is wrong on the Shopware side.

If you have a chance to use Xdebug, you might want to debug set a breakpoint at the function

\League\OAuth2\Server\AuthorizationServer::respondToAccessTokenRequest (file: vendor/league/oauth2-server/src/AuthorizationServer.php)

Or you insert debug code like this:

public function respondToAccessTokenRequest(ServerRequestInterface $request, ResponseInterface $response)
{
    var_dump(array_keys($this->enabledGrantTypes)); die();

This should print

array(3) {
   [0]=>
   string(8) "password"
   [1]=>
   string(13) "refresh_token"
   [2]=>
   string(18) "client_credentials"
}
Alex
  • 32,506
  • 16
  • 106
  • 171
  • 1
    very good hint, thanks! with curl, the token came out instantly, so i worked on my headers in PL/SQL. But now any further request with the token returns "404 Route not found" (even while using CURL) - is my installation faulty (as many posts to this error are suggesting) or is there another trap on my way? – feddoh Jun 06 '21 at 18:16
  • Please update your question with the URLs that give a 404.. be aware that starting from Shopware 6 there is no version number any more in the API urls. Maybe that is the problem – Alex Jun 06 '21 at 19:18
  • uh, I am totally new to this and I am afraid to take the sense out of the thread by editing my question? But, thanks to you, I found out: I was testing with "/api/orders" - according to https://developers.shopware.com/developers-guide/rest-api/examples/order/ but this does not work! it works with the singular "/api/order" ... is there a reliable documentation on the Shopware 6 api? – feddoh Jun 06 '21 at 20:44
  • Check this: https://stackoverflow.com/questions/67256752/documentation-for-shopware-6-admin-api-what-are-possible-commands – Alex Jun 07 '21 at 15:20
  • @feddoh don't forget to vote / accept an answer and / or comments. – Alex Jun 08 '21 at 17:52
  • 1
    sorry I am a totally newbe here. I voted for your answer twice but since I have not enough reputation on my own, my votes do not count up. But the message says they are „being recorded“. Sure I could accept an answer - both answers have been very helpful, but is one of them to be accepted as an answer to to origin question? Thanks for every hint on that… – feddoh Jun 08 '21 at 18:15
1

utl_http is a low level tool to make REST requests. It will definitly work but you have to figure it out. I have always struggled with it.

Here you are sending some parameters as a json text:

utl_http.write_text(l_req,'{
                            "grant_type": "client_credentials",
                            "client_id": "[my-client-id]",
                            "client_secret": "[my-client-secret]"
                           }');

I doubt this will work...

What about using apex_web_service.make_rest_request as an alternative ?

Here is an example :

declare
    URL varchar2(1000) := EndPoint || Command;  -- for example : EndPoint : [shop.example.com] and Command : [/api/product/b7d2554b0ce847cd82f3ac9bd1c0dfad]
    MyParameters varchar2(1000) := 'param1:param2...';
    MyParametersValues varchar2(1000) := 'value1:value2...';
    StatusCode number;
    Output clob;        
begin
    -- Clear headers
    apex_web_service.g_request_headers.delete();

    -- Add your headers here
    for i in 1..n
    loop 
        apex_web_service.g_request_headers(i).name := 'whatever';
        apex_web_service.g_request_headers(i).value := 'whatever';
    end loop;

    -- Make Rest Request
    Output := apex_web_service.make_rest_request(
                                p_url => URL,
                                p_http_method => 'POST or GET or DELETE...',
                                p_parm_name => apex_util.string_to_table(MyParameters),         
                                p_parm_value => apex_util.string_to_table(MyParametersValues));                                 

    -- Get the status code to check the result of the rest request
    StatusCode := apex_web_service.g_status_code; 
    return Output or StatusCode or whatever you want;
end;

I have no idea what shopware is but If you want to send grant_type, client_id and client_secret, you can either try send them in Headers. It this doesn't work, you can send them in parameters. One of them will work.

Thomas Carlton
  • 5,344
  • 10
  • 63
  • 126
  • I posted a CURL request which works with shopware above - now the question is, if the Oracle request they are making is equivalent to this :-) – Alex Jun 06 '21 at 14:57
  • 1
    thanks to both of you!! in combination it helped very much! as for oracle: sending parameters with utl_http.write_text in JSON format works!! however in my case the header has to contain UTL_HTTP.set_header (l_http_request, 'Content-Length', LENGTH (v_content)); along with a correct charset: UTL_HTTP.SET_BODY_CHARSET('UTF-8'); token now obtained! Thanks!! – feddoh Jun 06 '21 at 18:11