abbrechen
Suchergebnisse werden angezeigt für 
Anzeigen  nur  | Stattdessen suchen nach 
Meintest du: 
Beantwortet! Gehe zur Lösung.

Problems getting the access token

I am observing problems getting the access token as described in the developer portal.

 

Intitially I am trying to get the token manually by http requests in order to understand the procedure, the final goal is to implement the whole procedure into openHAB using rules and later maybe a complete binding (i.e. create a standard interface from openHAB to the Viessmann API useable for others as well).

 

My current problem/question:

 

I managed to get past Step 1 and received a code using the posted http request like:

https://iam.viessmann.com/idp/v2/authorize?client_id=my_oauth_client_id&redirect_uri=http://localhost:4200/&response_type=code&code_challenge=my_code_challenge&scope=IoT%20User

 (my_oauth_client and my_code_challenge are replaced with my actual values).

Using the received code I posted:

https://iam.viessmann.com/idp/v2/token?client_id=my_oauth_client&redirect_uri=http://localhost:4200/...

I used the same string for My_code_challenge in both cases (in my understanding without setting code_challenge_method this should be correct).

From such I always get:

{"error":"invalid-authorization-request"}

 

What am I doing wrong?

  • I tried to send the second request as fast as possible (at least within a minute). Am I to slow?
  • The developer portal showed only a cURL example for the second request, is my selfmade https string wrong?
  • ....

As a follow up question, the to be received API token has a setting of

"expires_in": 3600

 Is that seconds or minutes?

1 AKZEPTIERTE LÖSUNG

Akzeptierte Lösungen

Hi @JueBag ,

 

within the second step (Authorization code exchange), have you set the parameter within the header?

-H "Content-Type: application/x-www-form-urlencoded"

Also, make sure to send a POST request. 

The expiration time of the token is in seconds. However, you can create a refresh token, which helps you obtaining a new access token much easier, as you do not need to do step 1 (Authorization request) anymore. You find the explanation for the refresh token here: https://developer.viessmann.com/en/doc/authentication (Refreshing an access token)

Hope this helps. If you have further questions, let me know.

Best,

Michael

Lösung in ursprünglichem Beitrag anzeigen

9 ANTWORTEN 9

I am missing: "grant_type=authorization_code"

Thanks for the input, however using:

 

https://iam.viessmann.com/idp/v2/token?grant_type=authorization_code&client_id=my_oauth_client&redir...

 

I'm getting 

{"error":"invalid-token-request"}

as well.

Hi @JueBag ,

 

within the second step (Authorization code exchange), have you set the parameter within the header?

-H "Content-Type: application/x-www-form-urlencoded"

Also, make sure to send a POST request. 

The expiration time of the token is in seconds. However, you can create a refresh token, which helps you obtaining a new access token much easier, as you do not need to do step 1 (Authorization request) anymore. You find the explanation for the refresh token here: https://developer.viessmann.com/en/doc/authentication (Refreshing an access token)

Hope this helps. If you have further questions, let me know.

Best,

Michael

@MichaelHanna 

My trials to send a "POST" request solely with the browser didn't work, using POSTMAN I got my token.

 

Danke!

 

Follow-Up Question:

Will the Refresh-Token stay the same over time, or did I get the same on my second request just because it was within a short time?

Der Beitrag wurde automatisch verschoben.

Hi,

 

the above link doesnt work.

 

I have a problem with this line:

 

curl -X POST "https://iam.viessmann.com/idp/v2/token" -H "Content-Type: application/x-www-form-urlencoded" -d "grant_type=authorization_code&client_id=xxxxxxxxxxxxxxxxxxx&redirect_uri=http://192.168.1.199:8123&code_verifier=yyyyyyyyyyyyyyyyyyyyyyyy&code=zzzzzzzzzzzzzzzzzzz"

 

the code i've got already. It was not easy because the redirect_uri redirects immediatellay to an other site and i had to be very fast with the screeenshot :)...finally i've got it, but I get with the above curl a response:

 

{"error":"invalid-token-request"}

 

why? what is wrong?

 

and why it is so complicated: request via url, curl, tokens, client_id, code_verifier, codes, logins? It is an access for my-all-live-savings in a super secure bank? why the client_id is not enough?

 

regards

Andrzej


@nigolcabej  schrieb:

 

 It was not easy because the redirect_uri redirects immediatellay to an other site 



You did set that url! Why didn't you use localhost?


 

Hi,

 

to get the "code" and it have been worked with this url. so it doesnt matter, i suppose, what is the redirect_uri. Why i'm getting the {"error":"invalid-token-request"}?

 

Regards

Hi, 

I'm a bit puzzled... I also get "invalid-token-request" when trying this on the command line.

 

Here is my script:

#!/bin/bash

export client_id="client_id"
export redirect_uri="http://localhost:4200/oauth-callback"
export challenge_id=$(cat /proc/sys/kernel/random/uuid)
export email="email"
export password="password"

# Authorize and get code for further request
curl -X POST "https://iam.viessmann.com/idp/v2/authorize?client_id=$client_id&redirect_uri=$redirect_uri&response_..." \
-d "hidden-password=00&stayloggedin=Angemeldet bleiben&submit=Login&isiwebuserid=$email&isiwebpasswd=$password" \
-o login.html
export code=$(grep $redirect_uri login.html | sed -E 's/(^.*code=)([^"]*)(.*)/\2/g')

# get access token
curl -H "Content-Type: application/x-www-form-urlencoded" \
-X POST "https://iam.viessmann.com/idp/v2/token" \
-d "grant_type=authorization_code&code_verifier=$challenge_id&client_id=$client_id&redirect_uri=$redirect_uri&code=$code" \
-o access_token.json

 

Am I missing somehting and cannot see it?