400 Bad Request when getting access token for ExactOnline using RestSharp

Question

I need to go through the OAuth2 flow for ExactOnline but I get stuck on step 3 of the docs ( https://developers.exactonline.com/#OAuth_Tutorial.html%3FTocPath%3DAuthentication%7C_____2 )

I created the following c# code using the Postman chrome app for testing http requests but keep getting 400 errors (bad request). The postman app also gave me 400 errors but no matter what settings I set, I always seem to get a 400 error.

var authToken = "veryyyyyylongtoken";
var redirectUri = "the-url-I-set-in-the-dashboard";
var grantType = "authorization_code";
var clientId = "id-guid";
var clientSecret = "secret";
var exactAccesTokenRequestEndpoint = "https://start.exactonline.nl/api/oauth2/token";

var client = new RestClient(exactAccesTokenRequestEndpoint);
var request = new RestRequest(Method.POST);
request.AddHeader("content-type", "application/x-www-form-urlencoded");
request.AddParameter("application/x-www-form-urlencoded", String.Format("code={0}&redirect_uri={1}&grant_type={2}&client_id={3}&client_secret={4}", authToken, exactAccesTokenRequestEndpoint, grantType, clientId, clientSecret), ParameterType.RequestBody);
var response = client.Execute(request);

How is this code wrong?

The app registered at Exact is running in test mode, not production.

Any ideas?

===== EDIT =====

Based on Gusman's pointers I changed the code to the following. This still give a 400 error.

var client = new RestClient(exactAccesTokenRequestEndpoint);
var request = new RestRequest(Method.POST);
request.AddHeader("content-type", "application/x-www-form-urlencoded");
request.AddParameter("code", authToken, ParameterType.RequestBody);
request.AddParameter("redirect_uri", redirectUri, ParameterType.RequestBody);
request.AddParameter("grant_type", grantType, ParameterType.RequestBody);
request.AddParameter("client_id", clientId, ParameterType.RequestBody);
request.AddParameter("client_secret", clientSecret, ParameterType.RequestBody);
var response = client.Execute(request);

Answer 1

Your first issue is solved by Gusman .

My guess is that the second problem is related to the exactAccesTokenRequestEndpoint you have set. Exact is really picky on the URL and I doubt if that URL you have is the URL described in the App store settings in EOL. Make sure it is at least the URL given in the settings.

So if your settings contains http://localhost/abc/ , your redirect_uri should be at least http://localhost/abc/ and not http://localhost/abc , which may seem valid.

Answer 2

I can't see which REST client are you using, but I can assume the "request.AddParameter" call expects Name, Content and ParamType.

If that's the case then you added it wrong, you need to do:

request.AddParameter("code", authToken, ParameterType.RequestBody);
request.AddParameter("redirect_uri", redirectUri, ParameterType.RequestBody);

and so on, you must add one by one the request parameter and let the rest client construct the body.

EDIT: I see the client is only on the name, ok, that's what RestSharp expects :)

Answer 3

Ok, solved it. Had to UrlDecode the token I got back from the Exact response in step 2, before passing it to the request in step 3. Like so:

var authToken = WebUtility.UrlDecode("code/token");

Thanks to everybody who weighted in on the matter :-)