Oauth.fetch_token call fails

Below is the test authorization code the customer is using, It fails at the oauth.fetch_token call:

import requests from requests_oauthlib import OAuth2Session
from oauthlib.oauth2 import BackendApplicationClient

Replace these with your actual values

CLIENT_ID = ‘’
CLIENT_SECRET = ‘’
TOKEN_URL = ‘https://api.apps.us.bluescape.com/v3/oauth2/authorize
API_BASE_URL = ‘Bluescape

Create a client

client = BackendApplicationClient(client_id=CLIENT_ID)
oauth = OAuth2Session(client=client)

Fetch the access token

token = oauth.fetch_token(token_url=TOKEN_URL, client_id=CLIENT_ID, client_secret=CLIENT_SECRET,
scope=‘v2legacy offline_access’)

Now you can make authenticated requests to Bluescape API

headers = {
‘Authorization’: f’Bearer {token[“access_token”]}',
‘Content-Type’: ‘application/json’
}

Example: Get user information

response = requests.get(f’{API_BASE_URL}/user’, headers=headers)

Check the response status

if response.status_code == 200:
print(“User information:”, response.json())
else:
print(“Failed to fetch user information:”, response.status_code, response.text)

I may have found the customer’s issue; it appears they may be using an incorrect instance value.

Hello Cody. This is Anthony Serenil. I created an account so I could respond to this topic.

Could you elaborate on the use of the incorrect instance value issue?

Hi @bip, welcome to our community.

It is difficult to troubleshoot the problem with what has been posted here, but I would suggest simplifying the code and removing the OAuth2 libraries:

import requests from requests_oauthlib import OAuth2Session
from oauthlib.oauth2 import BackendApplicationClient

If you are looking to use our code flow, that is accomplished in a few steps:

  1. create a Bluescape Application to get client_id, client_secret and you will need to enter the redirect_uri so the Bluescape application knows where to return access code, bearer token and refresh token
  2. make a redirect to bluescape authorization endpoint to have the user in their browser manually grant access.

example redirect URL
(this can be added directly in a browser, or redirect from server app):

https://api.apps.us.bluescape.com/v3/oauth2/authorize?response_type=code&client_id=<yourClientId>&redirect_uri=<yourRedirectURI>&scope=v2legacy%20offline_access

  1. once the user authorizes access, an access code is returned to the Bluescape application’s redirect_uri

  2. your application will then need to generate a bearer and refresh token by sending the access code to token endpoint for your instance using https://api.apps.us.bluescape.com/v3/oauth2/token

example: curl command to generate bearer token and refresh token

curl --location --request POST 'https://api.apps.us.bluescape.com/v3/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=authorization_code' \
--data-urlencode 'code=<yourAccessCodeFromStep3>' \
--data-urlencode 'client_id=<yourClientId>' \
--data-urlencode 'client_secret=<yourClientSecret>' \
--data-urlencode 'redirect_uri=<yourRedirectURI>'

Python Code Example
If you are looking for a simple python example that doesnt use OAuth2 libraries, you can replace the client_id, client_secret, and redirect_URI from the Bluescape application you created and run the application.

import os
import requests
from flask import Flask, request, redirect, session, url_for

# Fill in your actual values with Bluescape Application credentials when creating your application:
CLIENT_ID = '<yourClientId>'
CLIENT_SECRET = '<yourClientSecret>'
REDIRECT_URI = '<yourRedirectURI>'  # Make sure this matches your registered redirect URI

# Your base URL could change depending on the instance you are using.  Make sure your Application was created on the same instance:
API_BASE_URL = 'https://api.apps.us.bluescape.com/'
AUTHORIZE_URL = f'{API_BASE_URL}v3/oauth2/authorize'
TOKEN_URL = f'{API_BASE_URL}v3/oauth2/token'

# Flask setup
app = Flask(__name__)
app.secret_key = os.urandom(24)

@app.before_request
def log_request_info():
    app.logger.debug('Headers: %s', request.headers)
    app.logger.debug('Body: %s', request.get_data())

@app.route('/')
def home():
    """Step 1: User Authorization.
    Redirect the user/resource owner to the OAuth provider (i.e. bluescape.com)
    using an URL with a few key OAuth parameters.
    """
    authorization_url = f"{AUTHORIZE_URL}?response_type=code&client_id={CLIENT_ID}&redirect_uri={REDIRECT_URI}&scope=v2legacy offline_access"
    app.logger.debug('Redirecting to: %s', authorization_url)
    return redirect(authorization_url)

@app.route('/callback')
def callback():
    """Step 2: Retrieving an access token.
    The user has been redirected back from the provider to your registered
    callback URL. With this redirection comes an authorization code included
    in the redirect URL. We will use that to obtain an access token.
    """
    code = request.args.get('code')
    app.logger.debug('Authorization code received: %s', code)
    token_response = requests.post(TOKEN_URL, data={
        'grant_type': 'authorization_code',
        'code': code,
        'redirect_uri': REDIRECT_URI,
        'client_id': CLIENT_ID,
        'client_secret': CLIENT_SECRET
    })
    
    app.logger.debug('Token response: %s', token_response.text)
    token_response_data = token_response.json()
    session['oauth_token'] = token_response_data['access_token']
    return 'Access token fetched successfully!'

@app.route('/profile')
def profile():
    """Fetching a protected resource using an OAuth 2 token.
    """
    access_token = session.get('oauth_token')
    headers = {'Authorization': f'Bearer {access_token}'}
    app.logger.debug('Fetching profile with token: %s', access_token)
    response = requests.get(f'{API_BASE_URL}/profile', headers=headers)
    app.logger.debug('Profile response: %s', response.text)
    return response.json()

if __name__ == '__main__':
    import logging
    logging.basicConfig(level=logging.DEBUG)
    app.run(debug=True, port=3001)

I changed a line of the code from this to this:
@app.route(‘/callback’)
def callback():

to this:
@app.route(‘/auth/callback’)
def callback():

And it seems to work now.

@bip,

Thank you for the update. This is great to hear! Please let me know if we can help with anything else.

Best Regards,
Cody Bentley

When I try using the profile route, the response object is not json, but html.

There seems to be an error in the html.
id=“browserWarning” hidden class=“web-main-error”>

You are using an unsupported browser

Please use the latest version of Chrome, Firefox, Safari, or Edge browsers.

browserWarning.hidden = false;

Hey @bip ,

I think there is an issue in the example implementation of the profile function as there is no profile endpoint in Bluescape API platform.

For a better test you can try calling our “Get Current Session User” end point: https://client.apps.us.bluescape.com/docs/doc/isam#tag/User/operation/UserController_getSessionUser

Here is an updated profile function implementation for the python sample above:

@app.route('/profile')
def profile():
    """Fetching a protected resource using an OAuth 2 token.
    """
    access_token = session.get('oauth_token')
    headers = {'Authorization': f'Bearer {access_token}'}
    app.logger.debug('Fetching user details with token: %s', access_token)
    response = requests.get(f'{API_BASE_URL}/v3/users/me', headers=headers)
    app.logger.debug('User details response: %s', response.text)
    return response.json()

This should return JSON with information about the user.

Let me know if you encounter further issues with this.

-Antti

That worked. Thanks so much for your help.

1 Like

That is great!

Let us know if you have other questions.