Hello dear community,
I am trying to implement the OAuth 2.0 dance in a (javascript) webapp and followed the official instructions, but the access token request fails due to an internal server error:
- The first step with the request of an authorization code works and I am redirected back to the webapp after confirmation via the consent screen. The `code` query parameter is included in the URL.
- If I now want to perform the second step to request an access token, the server responds with a 500 Internal Server Error with the error message: "The server could not perform this operation - please check application logs."
The request is as follows:
```typescript
const data = {
  client_id: 'XXX',
  client_secret: 'XXX',
  grant_type: 'authorization_code',
  code: 'XXX',
  code_verifier: 'XXX'
};
this.http.post<JiraOAuth2Token>(
  'https://xxx.xx/rest/oauth2/latest/token',
  data,
  {
    headers: new HttpHeaders({
      'content-type': 'application/json',
    })
  }
);
```
We are using Jira 8.22.3 and I have looked in every log file I could find, but only the `access_log` shows the request sent.
Shouldn’t a 500 error appear in the `atlassian-jira.log` with more details?
2 Likes
Hi Peter,
```typescript
this.http.post<JiraOAuth2Token>(
  'https://xxx.xx/rest/oauth2/latest/token',
  data,
  {
    headers: new HttpHeaders({
      'content-type': 'application/json',
    })
  }
);
```
I think it’s because this is sending the token request parameters as a JSON object rather than query parameters:
```bash
curl -X POST 'https://atlassian.example.com/rest/oauth2/latest/token?client_id=CLIENT_ID&client_secret=CLIENT_SECRET&code=CODE&grant_type=authorization_code&redirect_uri=REDIRECT_URI&code_verifier=CODE_VERIFIER'
```
So here it might need to look something like (I’m guessing this is Angular http so double check on your side):
```typescript
this.http.post<JiraOAuth2Token>(
  'https://xxx.xx/rest/oauth2/latest/token',
  'client_id=XXX&client_secret=XXX&grant_type=authorization_code&code=XXX&code_verifier=XXX',
  {
    headers: new HttpHeaders({
      'content-type': 'application/x-www-form-urlencoded',
    })
  }
);
```
2 Likes
Thank you very much, Rory,
setting the `content-type` to `x-www-form-urlencoded` does the trick.
Here is the corrected Angular code for those interested:
```typescript
const body = new URLSearchParams(data);
this.http.post<JiraOAuth2Token>(
  'https://xxx.xx/rest/oauth2/latest/token',
  body.toString(),
  {
    headers: new HttpHeaders({
      'content-type': 'application/x-www-form-urlencoded',
    })
  }
);
```
1 Like
Thank you very much. It saved my time.
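The fix from this thread as a standalone sketch (an added example, not code from the original posts or from Atlassian): it builds the form-encoded token request and shows what a form decoder recovers from the JSON body and from a hand-concatenated string. The host name, all parameter values and the helpers `buildTokenRequest` and `readFormField` are constructed for illustration, and the assumption that the endpoint reads its parameters as form fields is inferred from the fix that worked above.

```javascript
// Added example: every value below is a constructed placeholder.
// The five parameters sent by the request in the first post.
const REQUIRED = ['client_id', 'client_secret', 'grant_type', 'code', 'code_verifier'];

// Build the token request the way the accepted fix does: parameters go into
// an application/x-www-form-urlencoded body, not a JSON document.
function buildTokenRequest(tokenUrl, params) {
  const missing = REQUIRED.filter((k) => !params[k]);
  if (missing.length > 0) {
    throw new Error('missing token parameter(s): ' + missing.join(', '));
  }
  return {
    method: 'POST',
    url: tokenUrl,
    headers: { 'content-type': 'application/x-www-form-urlencoded' },
    // URLSearchParams percent-encodes reserved characters in each value.
    body: new URLSearchParams(params).toString(),
  };
}

// What a form decoder recovers from a body. Hypothetical stand-in for the
// server side; the real endpoint's parsing is not shown in this thread.
function readFormField(body, name) {
  return new URLSearchParams(body).get(name);
}

const params = {
  client_id: 'demo-client',
  client_secret: 's3cr+t&x=1', // '+', '&' and '=' must survive encoding
  grant_type: 'authorization_code',
  code: 'demo/code+1',
  code_verifier: 'demo-verifier-0123456789-0123456789-0123456789',
};

const good = buildTokenRequest('https://jira.example.test/rest/oauth2/latest/token', params);
const jsonBody = JSON.stringify(params); // body shape of the original, failing request
const naiveBody = Object.entries(params).map(([k, v]) => k + '=' + v).join('&');

console.log(good.body);
console.log('form  grant_type:', readFormField(good.body, 'grant_type'));
console.log('json  grant_type:', readFormField(jsonBody, 'grant_type'));
console.log('naive secret    :', readFormField(naiveBody, 'client_secret'));
```

The hand-concatenated body only works while no value contains `+`, `&`, `=` or other reserved characters, which is why the `URLSearchParams` version in the last code post is the safer form.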