Error when requesting Trello access token response{code=400, message='Bad Request', body='null',

TomDelGiudice1 · January 26, 2021, 8:13pm

Trying to run the scribejava library from GitHub to run a simple get from Trello Rest API
I Included the KEY and KEY Secret Tokens then I requested the access Token.

I tried the following example in eclipse: scribejava/scribejava-apis/src/test/java/com/github/scribejava/apis/examples/TrelloExample.java / .

I used these jars:
scribejava-apis-8.1.0.jar
scribejava-core-8.1.0.jar

I only modified these lines with codes I grabbed from the Trello website.
private static final String API_KEY = “your_api_key”;
private static final String API_SECRET = “your_api_secret”;
This data was used successfully in POSTMAN to fetch the “me” data from Trello via Rest.

I see that my POST to get an access token we returned with a {code=400, message=‘Bad Request’} response.
The following code is from the the latest version of scribejava api. (scribejava-8.1.0)

Here is the code involved in the error:
(Code from OAuth10aService.java)
final OAuthRequest request = prepareAccessTokenRequest(requestToken, oauthVerifier);
try (Response response = execute(request)) {
return api.getAccessTokenExtractor().extract(response);

(Values from Debug)
requestToken = com.github.scribejava.core.model.OAuth1RequestToken@a*******
oauthVerifier = https://trello.com/1/OAuthAuthorizeToken?oauth_token=******************

(Code from OAuth10aService.java)
return api.getAccessTokenExtractor().extract(response);

Values from Debug)
request= @request(POST https://trello.com/1/OAuthGetAccessToken)

response{code=400, message=‘Bad Request’, body=‘null’,
headers={null=HTTP/1.1 400 Bad Request,
X-Dns-Prefetch-Control=off,
Server=globaledge-envoy,
Access-Control-Allow-Origin=*,
Access-Control-Allow-Methods=GET,
PUT, POST, DELETE,
X-Permitted-Cross-Domain-Policies=none, Referrer-Policy=strict-origin-when-cross-origin,
X-Frame-Options=DENY, Strict-Transport-Security=max-age=63072000;
preload, Access-Control-Expose-Headers=x-rate-limit-api-key-interval-ms,
x-rate-limit-api-key-max, x-rate-limit-api-key-remaining,
x-rate-limit-api-token-interval-ms,
x-rate-limit-api-token-max, x-rate-limit-api-token-remaining,
X-Trello-Environment=Production, X-Trello-Version=1.2333.0,
Surrogate-Control=no-store, Content-Length=15,
}}

bentley · January 29, 2021, 3:16pm

This leads me to believe that you’re using a Trello Token instead of the App Secret. An App Secret can not be used to make an API request by itself.

The App Secret that you need for OAuth can be found at the bottom of https://trello.com/app-key.

TomDelGiudice1 · January 29, 2021, 7:25pm

I used the API_SECRET token from the bottom of the page.
Please advise.

bentley · January 29, 2021, 8:00pm

And you were able to make a request to /1/members/me and get back data with it?

TomDelGiudice1 · January 29, 2021, 8:28pm

Yes, but when I used postman I was able to manually add the Access Token that I copied from the website. Without it it won’t work in Postman either. The issue I have in java/eclipse is posting the credentials and trying to receive an Access Token programmatically. I am using the trello sample code in the scribeJava library on GitHub.
Trading the Request Token for an Access Token…
final OAuth1AccessToken accessToken = service.getAccessToken(requestToken, oauthVerifier);
The requestToken and oauthVerifier objects seem well formed with data.

TomDelGiudice1 · February 8, 2021, 2:19pm

I am now getting an error when posting a auth token to trello inorder to access the resource.

https://trello.com/1/OAuthAuthorizeToken?oauth_token=***********************************

Invalid return_url

Please advise

bentley · February 8, 2021, 5:21pm

That sounds like it is related to your API key’s allowed origins: https://developer.atlassian.com/cloud/trello/guides/rest-api/authorization/#allowed-origins

Make sure that the URL you’re redirecting to is added to your API keys allowed origins. You can update the list of allowed origins at: https://trello.com/app-key

TomDelGiudice1 · February 8, 2021, 10:24pm

I am currently working off a laptop. The only origin I could try was http://:80
This yielded the same error.
Please advise.

bentley · February 9, 2021, 1:40pm

What is the route you are using on your local machine to test this out? That is the value that should probably be added to your allowed origins list.

TomDelGiudice1 · February 9, 2021, 7:06pm

Yes, I am running a java program from eclipse. I returns the authorization link that I put into a browser or console. https://trello.com/1/OAuthAuthorizeToken?oauth_token=xxxxxxxxxxxxxxxxxxxxxxxxxxxxx

I have tried (with and without the port 80) as an origin.
http://my_ip_address:80
http://my_machine_name.cusa.canon.com:80

Still get Invalid return_url

Anything else I can try?

Thanks,

TomDelGiudice1 · February 16, 2021, 9:21pm

I am on a laptop using eclipse. I tried the incoming VPN ip address and logged out of VPN and used the native ip address of my laptop. Both attempts failed. I also tries using port 80 an 443. Our network guy wanted to know if anything from your side can be blocking. Please advise.

Thanks,