[ Resolved ] HTTPS request for Refresh Token

lguarezi · August 29, 2019, 4:52pm

HTTPS request for Refresh Token

Hello everyone.

I have a little problem.

I am building an integration with Jira using a rest API. To keep this integration fully automatic, you can validate or token when time is needed, and you must revalidate.

The token created is in JWT format, such as requests. To revalidate the instructions from https://developer.atlassian.com/cloud/jira/platform/oauth-2-authorization-code-grants-3lo-for-apps/#frequently-asked-questions.
To do the test used or cURL where everything works correctly. When you place the same order for nodeJS, you get status code 401, all data is valid and can be ordered exactly as requested.

The client and tokenJson are JSON objects. They are accurate as an API and return your response. Afterwards I evade this answer to the objects.

var data = {
    grant_type: 'refresh_token',
    client_id: clienInfo.client_id,
    client_secret: clienInfo.client_secret,
    refresh_token: tokenJson.refresh_token
}
data = JSON.stringify(data);
const options = {
    hostname: 'auth.atlassian.com',
    path: '/oauth/token',
    method: 'POST',
    header: {
        'Content-Type': 'application/json'
    },
    body: data
}
const req = https.request(options, function (res) {
    if (res.statusCode != 200) {
        process.exit(1);
    }
    var str = '';
    res.setEncoding('utf8');
    res.on('data', function (buffer) {
        str += buffer;
    });
    res.on('end', function () {
        console.log(str);
        console.log('');
    });
});
req.on('error', function (err) {
    console.error(err);
    console.log('');
});
req.write(data);
req.end();

The answer from the script above is:

Status code: 401 Unauthorized

Header: {"date":"Thu, 29 Aug 2019 16:41:06 GMT","content-type":"application/json","content-length":"60","connection":"close","server":"nginx","cache-control":"private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0","x-auth0-requestid":"e015b71fd40775c5b577","set-cookie":["did=s%3Av0%3Acc4346a0-ca7b-11e9-be3e-eded5bc02e72.nOP7PVWTXzPYYExHPTvW2wLaRvN%2Fo7oMzKigZgqr4pE; Max-Age=157788000; Path=/; Expires=Wed, 28 Aug 2024 22:41:06 GMT; HttpOnly; Secure"]}

Already try to do with the request module but problem is the same. Looking like something the Jira API detects and blocks, I think for security, something that is related to this request is sent by nodeJS. I’m not sure.

Thanks for taking a look and all help is welcome.

anon24747074 · August 30, 2019, 4:35am

Hi @lguarezi,
You should add your cloud id before the API and want to send the request. Try it.

lguarezi · August 30, 2019, 7:42pm

Hi @anon24747074 ,

I could not understand how I would add my cloud id before the API, would you put the clund id in the URL?

The process of ravalidating the toke functions in cURL with the following command:

curl -k --request POST --url ‘https://auth.atlassian.com/oauth/token’ --header ‘Content-Type: application/json’ --data ‘{ “grant_type”: “refresh_token”, “client_id”: “my_client_id”, “client_secret”: “my_client_secret”,“refresh_token”:“the_refresh_token” }’

With this command everything happens normally, in cURL. When I try to make the same request in NodeJS the status code 401 is returned.

lguarezi · September 19, 2019, 12:16pm

Hello,

I come close this topic so I found a solution. Not as you would like but it works.
I was using Node’s native HTTPS module to make the request, I believe that due to lack of knowledge I must have missed some configuration and this was preventing my request.
To solve I used the third party module ‘request’, with this module everything happened normally. Below is the call to the API with the request module.

function refreshToken(refresh_token, clienInfo) {
	var promise = new Promise(function (resolve, reject) {
		var data = {
			grant_type: 'refresh_token',
		    client_id: clienInfo.client_id,
		    client_secret: clienInfo.client_secret,
		    refresh_token: refresh_token
		}
		data = JSON.stringify(data);

		var opptions = {
			url: "https://auth.atlassian.com/oauth/token",
		    method: "POST",
		    headers: {
		    	'Content-Type': 'application/json'
		    },
		    body: data
		};

		request(opptions, function (err, res, body) {
		    if (err) {
		        console.log(err);
		        reject(err);
		        process.exit(1);
		    }
		    if (res.statusCode != 200) {
		        console.log(res.statusCode + " " + res.statusMessage);
		        process.exit(1);
		    }
		    resolve(JSON.parse(body));
		});

	});

	return promise;
  }