Problem about POST https://api.eu.nylas.com/v3/connect/token request

Hello everyone.
I am using the v3 API and getting the code from the previous OAuth request.
Then I am making a connect/token request to get the grant_id to save.

I am always getting "error_code":45004,"error_description":"Code verifier challenge failed"

I create a code verifier, then make a challenge from it. Whether the method is plain or S256, it fails.

I thought I was making a mistake when creating the PKCE values.

I used another library to validate my own verifier and challenge:

https://github.com/AdrienGras/pkce-php and it validates.

Any ideas what to do?

Thanks for the help in advance.

1 Like

@efeengin just wondering what platform did you specify for hosted authentication?

For frontend authentication, it should be JavaScript

Also I created a reference code sample for PKCE using nylas-identity: GitHub - nylas-samples/nylas-auth-flow-react-spa: Authentication Users Accounts in a Single Page Application / Mobile App

1 Like

@ram it is a website. To the /auth endpoint I am making this request:

client_id=exxxxxa&access_type=offline&login_hint=efexxxxxxx35%40gmail.com&prompt=select_provider&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%2Fintegrations%2Fnylasv3-callback&code_challenge=ZTk2YmY2Njg2YTNjMzUxMGU5ZTkyN2RiNzA2OWNiMWNiYTliOTliMDIyZjQ5NDgzYTZjZTMyNzA4MDllNjhhMg&code_challenge_method=S256

Then I am trying to get the grant from the /token endpoint with this request:

 array:6 [▼
  "client_id" => "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
  "client_secret" => "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
  "grant_type" => "authorization_code"
  "code" => "09w1xSghI6798E_0zXnIh1mBnsQYHvpqc7Btez3wCyLYMAHKq8_y74WXWTT0pg9GsTYD9Fn1N5qzD6iDHXiO3lM5LGbXIlUS"
  "redirect_uri" => "http://localhost/integrations/nylasv3-callback"
  "code_verifier" => "e96bf6686a3c3510e9e927db7069cb1cba9b99b022f49483a6ce3270809e68a2"
]

response: "error":"invalid_grant","error_code":45004,"error_description":"Code verifier challenge failed"

But I am getting that the code challenge failed. I am doing everything in the backend.
I need to get the grant_id from the last request and save it, and with the API key I will consume the endpoints.

1 Like
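
An added example (not part of any post in this thread, and not Nylas code): a Python check that recomputes the RFC 7636 challenge from a verifier and reports which transform, if any, links a verifier to a challenge, run on the code_challenge and code_verifier values posted above. The function names and candidate labels are assumptions of this example; the second pair is the RFC 7636 Appendix B test vector.

```python
import base64
import hashlib
import re

# Values copied from the /auth and /token requests posted above.
POSTED_CHALLENGE = ("ZTk2YmY2Njg2YTNjMzUxMGU5ZTkyN2RiNzA2OWNiMWNiYTliOTliMDIy"
                    "ZjQ5NDgzYTZjZTMyNzA4MDllNjhhMg")
POSTED_VERIFIER = "e96bf6686a3c3510e9e927db7069cb1cba9b99b022f49483a6ce3270809e68a2"

# RFC 7636 Appendix B test vector.
RFC_VERIFIER = "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"
RFC_CHALLENGE = "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM"

def b64url(data: bytes) -> str:
    """base64url without '=' padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def valid_verifier(verifier: str) -> bool:
    """RFC 7636 section 4.1: 43-128 characters from the unreserved set."""
    return re.fullmatch(r"[A-Za-z0-9\-._~]{43,128}", verifier) is not None

def candidates(verifier: str) -> dict:
    """Challenges that correct and commonly mistaken transforms produce."""
    raw = verifier.encode("ascii")
    digest = hashlib.sha256(raw)
    return {
        "S256 (RFC 7636)": b64url(digest.digest()),
        "plain": verifier,
        "base64url(hex SHA-256)": b64url(digest.hexdigest().encode("ascii")),
        "base64url(verifier), no hash": b64url(raw),
    }

def classify(verifier: str, challenge: str) -> str:
    """Name the transform that maps verifier to challenge, or 'no match'."""
    challenge = challenge.rstrip("=")
    for label, value in candidates(verifier).items():
        if value == challenge:
            return label
    return "no match"

if __name__ == "__main__":
    for name, v, c in (("RFC 7636 vector", RFC_VERIFIER, RFC_CHALLENGE),
                       ("posted values", POSTED_VERIFIER, POSTED_CHALLENGE)):
        print(f"{name}: verifier ok={valid_verifier(v)}, relation={classify(v, c)}")
```

For the posted pair it reports that the code_challenge is the base64url encoding of the code_verifier string itself, so a server applying the RFC 7636 S256 transform to that verifier will not arrive at that challenge.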

@efeengin for completing backend Auth, just curious is PKCE a requirement for your app?

Also want to share our Quickstart guide with built in authentication, we go over how to Set up user auth with Nylas.

1 Like

No, it is not, but when I send a request to /token and I do not put code_verifier, I get some error like "param code_verifier is not sent etc".

1 Like

What I meant is: I send /auth without code_challenge and code_challenge_method, which is withOUT PKCE. Then I get the code.

Then I do 1 more request to /token to get the grant_id. If I do not send code_verifier, I get an error. I believe something is broken with the API. I spent all day trying every combination; still not good.

1 Like

And all other endpoints, grant_id/messages etc., are working really fine. I am just stuck in authentication.

1 Like

Hi @efeengin @ram ,
I have also been facing the same issue for the last two days. I am trying to exchange the code but it's giving me the error "Code verifier challenge failed". I tried hard but it's not resolving. I think there is an issue with the API. If you get a solution then please help me also. I am still stuck at this error.

1 Like

@Emmad_Altaf I believe it is an API issue because I tried any combination, with and without PKCE, and I got the same error every time. On my first try I was able to get a grant_id, so I moved on to implementing other endpoints. After 5-6 hours, when I tried to auth another account, I got that error, and it still exists.

1 Like

@ram @Emmad_Altaf any progress? Because I am still getting this error. I am pretty sure it is an API issue. Is there any @admins who can look at this issue?

1 Like

Hi @efeengin, I emailed Nylas support, and they asked me for details in their reply. I provided them with all the details last Friday. Hopefully, the Nylas team is looking into this issue. I am also waiting for the Nylas team to fix this issue as my work is currently halted because of it.

I am also waiting for this issue to be solved.

1 Like

Hi, thanks for sharing your debugging steps - let me block some time to take a look at this soon.

@ram any news? We are really stuck here.

@efeengin I’m going to try to authenticate using our Quickstart Guide for Email as a test.

Can you confirm if you have tried running one of our Quickstart Guides with your App credentials and the result? You can also just download the repository, and add your credentials, and run it.

Trying to determine where the issue is.

@efeengin @Emmad_Altaf

I was able to test out the following Quickstart Guide to authenticate and received a grant:

{"message":"OAuth2 flow completed successfully for grant ID: GRANT_ID"}

If you can try doing the same, we can further debug where the issue is. All the code for authenticating is available in the repository as well (and we have similar repos for other languages).

Alternatively, can you try creating a test grant (Add test grant) using our Dashboard? This uses our hosted authentication UI screen, but is another way to test auth is working for your application without code:

Another question - are you using our sandbox environment to test out Auth?

Yes, I am using the Nylas sandbox env to test OAuth.

@ram the funny thing is, when I don't send any code_challenge or code_challenge_method, and also no code_verifier for the token endpoint,

I get a code verifier not provided error. So every request for me goes over PKCE.

{"error":"invalid_grant","error_code":45004,"error_description":"For code challenge check, code verifier not provided","

1 Like

Hi @efeengin - can you try running one of our quickstart guides to authenticate an account? I don’t suspect an API issue. Our quickstarts have all the code that you can compare across your application.

Also can you share what your Callback URIs are, I want to check the Platform field:

Hi @ram ,
Below are details:

Client Id: CLIENT_ID
API key: API_KEY

My application code methods - flow:

codeVerifier: CODE_VERIFIER

codeChallenge: CODE_CHALLENGE

nylasHostUrl: https://api.eu.nylas.com/v3/connect/auth?client_id=20f1c644-c0b1-4c62-b6ac-0109aad8fcd6&redirect_uri=http://localhost:43344/api/Integration/EmailAndCalendarMasterAccountCallback&response_type=code&access_type=online&provider=google&login_hint=nylasv3@gmail.com&code_challenge=Ak2HC08a01ywI1CohFcVgmIV6CX11OjMown_Nvj7WdU&code_challenge_method=S256

code: CODE

json: {"code":"CODE","client_id":"20f1c644-c0b1-4c62-b6ac-0109aad8fcd6","client_secret":"API_KEY","code_verifier":"CODE_VERIFIER","redirect_uri":"http://localhost:43344/api/Integration/EmailAndCalendarMasterAccountCallback","grant_type":"authorization_code"}

response: {StatusCode: 401, ReasonPhrase: 'Unauthorized', Version: 1.1, Content: System.Net.Http.HttpConnectionResponseContent, Headers:

{
Connection: keep-alive
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
x-kong-upstream-latency: 50
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=63072000; includeSubDomains
Accept-Ranges: bytes
Cache-Control: no-store
x-kong-proxy-latency: 10
x-unique-id: 1981e2a2-edf4-41ff-8e61-59e2fb22ca01
Via: 1.1 varnish, 1.1 varnish
Date: Fri, 26 Jul 2024 09:40:40 GMT
X-Served-By: cache-qpg120109-QPG, cache-qpg120109-QPG
X-Cache: MISS, MISS
X-Cache-Hits: 0, 0
X-Timer: S1721986840.087965,VS0,VE243
Vary: Origin
Content-Length: 203
Content-Type: application/json
}, Trailing Headers:
{
}}

responseString: {"error":"invalid_request_error","error_code":401,"error_description":"client_id is required","error_uri":"Nylas Unified Auth Service API Reference"}

Now I am also sharing Postman call details:

https://api.eu.nylas.com/v3/connect/token

{
  "code":"CJiO7tK4x0A5IYRw1XNiYcJ-IXMGZkrWKi–XOkuZ8S9oo0GyxpgUeBW8KJb_S5e5XC3IIP4X7dIgEzjKMvIP4-ttIP5X-YA",
  "client_id":"20f1c644-c0b1-4c62-b6ac-0109aad8fcd6",
  "client_secret":"CLIENT_SECRET",
  "redirect_uri":"http://localhost:43344/api/Integration/EmailAndCalendarMasterAccountCallback",
  "grant_type":"authorization_code",
  "code_verifier": "4ebk8Yi3piz7DVqayWFLd1HXX5YFlC4GmEKrphWftNU"
}

{
  "error": "invalid_grant",
  "error_code": 45004,
  "error_description": "Code verifier challenge failed",
  "error_uri": "Nylas Unified Auth Service API Reference",
  "request_id": "ee26a152-6092-49a7-8550-c5d6b6e69f77"
}

If I try with my application, then it says that client id is required; you can check I have already correctly passed the client id. But if we run the flow in Postman with the same data, then it says that Code verifier challenge failed.

Please review this and investigate/test it in detail - it always says "Code verifier challenge failed". I believe this is an API issue.

I am waiting for your quick fix, please.

Thanks