0

I have an HTTP POST request that accepts the body as form-data.

grant_type: client_credentials

when I use this API in an application, I need to pass a client_id and client_secret parameter to this call.

so far I have

   const postRequest = {
      url: 'https://address',
      method: 'POST',
      headers: {
        'authorization': 'Basic xyz',
        'content-type': 'application/x-www-form-urlencoded'
      },
     formData: {
        'grant_type': 'client_credentials'
      }
    };

How do I include the id and secret into this request? I have also tried

 formData: {
     'grant_type' : 'client_credentials',
     'client_id' :'id',
    'client_secret' : 'secret'
  }

that does not work either as stated in How to use FormData for AJAX file upload?

reza
  • 5,972
  • 15
  • 84
  • 126
  • Does this answer your question? [How to use FormData for AJAX file upload?](https://stackoverflow.com/questions/21044798/how-to-use-formdata-for-ajax-file-upload) – Dipanjan Panja Aug 08 '22 at 23:24
  • thanks for the link but it does not – reza Aug 08 '22 at 23:32
  • Look at the header part: two key-value pairs. Your `formData` has one so far. Now just add the two additional ones, using the same format and commas in between. I don't see where the issue is. –  Aug 08 '22 at 23:38
  • this is the latest version that does not work formData: { 'grant_type' : 'client_credentials', 'client_id' :'id', 'client_secret' : 'secret' } – reza Aug 08 '22 at 23:47
  • `'client_secret' : 'secret'` sends the actual six characters `"secret"`. If you have a variable `secret` you need to remove the quotes. –  Aug 09 '22 at 00:58

1 Answers1

1

This is an OAuth2 flow, and it's most likely you need to pass this in your Basic authorization header.

  headers: {
    'authorization': 'Basic ' + btoa(`${clientId}:${clientSecret}`),
    'content-type': 'application/x-www-form-urlencoded'
  },

It's even better to use a good existing OAuth2 library to handle the heavy lifting. I've open sourced mine:

https://github.com/badgateway/oauth2-client

it would work like this:

const client = new OAuth2Client({
  tokenEndpoint: 'https://address',
  clientId: '...',
  clientSecret: '...',
});
const result = await client.clientCredentials();
Evert
  • 93,428
  • 18
  • 118
  • 189
  • I am using exactly what you are recommending, the one with just headers. Except I did not mention the actual value. I still need to send the form-data, correct? – reza Aug 09 '22 at 00:07
  • @reza most OAuth2 servers require it in the Authorization header, some require it in the body but never both... so one of those should work. If it doesn't work, check out the error you are getting for a clue. – Evert Aug 09 '22 at 00:14
  • Will do, thank you. The error is status: "Method Not Allowed" code: 405 – reza Aug 09 '22 at 00:19
  • @reza that suggests you have the wrong url. – Evert Aug 09 '22 at 00:23
  • absolutely. Thanks for sticking with this @evert – reza Aug 09 '22 at 00:48
  • 1
    you are correct. Thank you for sticking with this @evert. – reza Aug 09 '22 at 00:49
  • np. next time post the error first! – Evert Aug 09 '22 at 16:28