Cannot post to oauth/token

Hi,

i have a problem when trying to post to https://app.youneedabudget.com/oauth/token . In Fiddler, the response is fine but Google Chrome is blocking the response under CORB Rules (see attached Image).

I call the api in angular via :

 

return this.http.post(url, formEncoded, {

headers: {

'Accept': 'text/html, application/json, text/json',

'Content-type': 'application/x-www-form-urlencoded'

}

I was unsure wether to include the data in the body as well so i put it in the url and in the body, but i also tried only putting it in the url and same result.

Is there someone who also implemented the explicit oauth flow or has some suggestions?

6replies Oldest first
  • Oldest first
  • Newest first
  • Active threads
  • Popular
  • Headsetsniper Are you using Authorization Code Grant Flow from the web? If so, this is probably why CORB is blocking it. The client_secret should not be posted from a web client as it is not secure. If you are doing auth from the web client itself, you'll want to use Implicit flow (send user to https://app.youneedabudget.com/oauth/authorize?client_id=[CLIENT_ID]&redirect_uri=[REDIRECT_URI]&response_type=token) and they will be redirect back to your app after authorizing.

    Reply Like
    • Brady I'm experiencing a similar issue - i'm trying to post from a server side call and am not getting a response back - i'm assuming for the same reason. 

      Reply Like
      • George
      • Developer
      • george_ynab
      • 4 mths ago
      • Reported - view

      Steel Blue Song Can you provide details on what you're posting and what (if anything) we're sending back?

      Reply Like
  • string url = "https://app.youneedabudget.com/oauth/token?client_id=*****&client_secret=******&redirect_uri=http://localhost:52513/return.aspx&grant_type=authorization_code&code=";
    HttpWebRequest webrequest = Common.PrepareCall(url + code, "POST");

    Stream stream = webrequest.GetRequestStream();

     

    the GetRequestStream never completes. 

     

    I've used this method for other API Calls before and it seems to work fine. 

     

    FYI the prepare call only does this (I'm reusing snippets of code that I've had working for other projects where it did a lot more for proxy/security etc, but from what I understand this is all that should be required here): 

     

    HttpWebRequest webrequest = (HttpWebRequest)WebRequest.Create(url);
    webrequest.Method = method;

    return webrequest;

    Reply Like
      • George
      • Developer
      • george_ynab
      • 4 mths ago
      • Reported - view

      Steel Blue Song I think this is the same issue as https://support.youneedabudget.com/r/y7sdwl Here's what I just posted there:

       I was able to repro locally so we can start working on a fix. This issue is in a section of code that works around an iOS 11 WKWebView bug. It may take some time to get this fix out b/c it touches mobile. I'll keep you posted. Thx for the report.

      We'll try to get it fixed quickly.

      Reply Like
    • George ok i'll keep a look out - good to know i'm not just going insane/regressing as a developer. 

      Reply Like
Like Follow
  • 4 mths agoLast active
  • 6Replies
  • 283Views
  • 3 Following