Skip to content

How can we make it easier for you to develop on top of Wild Apricot?

← Developers

API V2 authorization "invalid_client" error

Hi, I'm trying to do v2 authorization (from Java), and getting an invalid client error.

My setup reads (edited for brevity):

HttpPost post = new HttpPost(AUTH_URL+"/auth/token");

post.addHeader("Content-Type","application/x-www-form-urlencoded");

post.addHeader("Authentication","Basic "+Base64.encodeBase64String("APIKEY:"+API_KEY));

List <NameValuePair> nvps = new ArrayList <NameValuePair>();

nvps.add(new BasicNameValuePair("granttype", "clientcredentials"));

nvps.add(new BasicNameValuePair("scope", "account"));

post.setEntity(new UrlEncodedFormEntity(nvps));This seems a perfect mirror of the php and c# samples, but in return, I'm getting the remarkably useful:{"error":"invalidclient","errordescription":null,"error_uri":null} Any ideas?Thanks,GeePawHill

0 votes

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

GeePawHill shared this idea  ·   ·  Report…  ·  Admin →

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Steve commented  ·   ·  Report

    Ah, I just figured out he was using "Authentication" instead of "Authorization". I'm getting the same error but I'm already using "Authorization".

  • Steve commented  ·   ·  Report

    It would be helpful to know *which* header name was invalid, and what the right name was..

  • Whiterose1 commented  ·   ·  Report

    Agreed: the login button gadget does not have an option to remove this (if it has I can't see it), and the form itself (on the Authorization Required system page) also has no such option.

    Adding features like this is good: but enabling them by default is not good.

    ________________

    white

  • GeePawHill commented  ·   ·  Report

    Here's the current state of play.

    1) My original problem was trivial. I'm sure a WA developer would have spotted it instantly: used the wrong header Authentication vs. Authorization.

    2) Debugging that problem was a bear. I finally wound up using Fiddler to compare the two requests, which itself took several hours of coercing java to use a proxy w/o a security certificate.

    3) I'll announce elsewhere, too, but there's now a project on GitHub called WildApricotApiV2 which contains the in-progress code.

    Thanks to the couple of folks who checked with me offline about this, and I hope the new project will help someone else!

    GeePawHill

Developers: API

Categories

Feedback and Knowledge Base

(thinking…)
WildApricot Inc. 
144 Front Street West 
Suite 725 
Toronto, Ontario M5J 2L7 
Canada
Terms and Policies
WildApricot Inc. Service Provider Level 1