Oauth.fetch_token call fails

Hi @bip, welcome to our community.

It is difficult to troubleshoot the problem with what has been posted here, but I would suggest simplifying the code and removing the OAuth2 libraries:

import requests from requests_oauthlib import OAuth2Session
from oauthlib.oauth2 import BackendApplicationClient

If you are looking to use our code flow, that is accomplished in a few steps:

  1. create a Bluescape Application to get client_id, client_secret and you will need to enter the redirect_uri so the Bluescape application knows where to return access code, bearer token and refresh token
  2. make a redirect to bluescape authorization endpoint to have the user in their browser manually grant access.

example redirect URL
(this can be added directly in a browser, or redirect from server app):

https://api.apps.us.bluescape.com/v3/oauth2/authorize?response_type=code&client_id=<yourClientId>&redirect_uri=<yourRedirectURI>&scope=v2legacy%20offline_access

  1. once the user authorizes access, an access code is returned to the Bluescape application’s redirect_uri

  2. your application will then need to generate a bearer and refresh token by sending the access code to token endpoint for your instance using https://api.apps.us.bluescape.com/v3/oauth2/token

example: curl command to generate bearer token and refresh token

curl --location --request POST 'https://api.apps.us.bluescape.com/v3/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=authorization_code' \
--data-urlencode 'code=<yourAccessCodeFromStep3>' \
--data-urlencode 'client_id=<yourClientId>' \
--data-urlencode 'client_secret=<yourClientSecret>' \
--data-urlencode 'redirect_uri=<yourRedirectURI>'

Python Code Example
If you are looking for a simple python example that doesnt use OAuth2 libraries, you can replace the client_id, client_secret, and redirect_URI from the Bluescape application you created and run the application.

import os
import requests
from flask import Flask, request, redirect, session, url_for

# Fill in your actual values with Bluescape Application credentials when creating your application:
CLIENT_ID = '<yourClientId>'
CLIENT_SECRET = '<yourClientSecret>'
REDIRECT_URI = '<yourRedirectURI>'  # Make sure this matches your registered redirect URI

# Your base URL could change depending on the instance you are using.  Make sure your Application was created on the same instance:
API_BASE_URL = 'https://api.apps.us.bluescape.com/'
AUTHORIZE_URL = f'{API_BASE_URL}v3/oauth2/authorize'
TOKEN_URL = f'{API_BASE_URL}v3/oauth2/token'

# Flask setup
app = Flask(__name__)
app.secret_key = os.urandom(24)

@app.before_request
def log_request_info():
    app.logger.debug('Headers: %s', request.headers)
    app.logger.debug('Body: %s', request.get_data())

@app.route('/')
def home():
    """Step 1: User Authorization.
    Redirect the user/resource owner to the OAuth provider (i.e. bluescape.com)
    using an URL with a few key OAuth parameters.
    """
    authorization_url = f"{AUTHORIZE_URL}?response_type=code&client_id={CLIENT_ID}&redirect_uri={REDIRECT_URI}&scope=v2legacy offline_access"
    app.logger.debug('Redirecting to: %s', authorization_url)
    return redirect(authorization_url)

@app.route('/callback')
def callback():
    """Step 2: Retrieving an access token.
    The user has been redirected back from the provider to your registered
    callback URL. With this redirection comes an authorization code included
    in the redirect URL. We will use that to obtain an access token.
    """
    code = request.args.get('code')
    app.logger.debug('Authorization code received: %s', code)
    token_response = requests.post(TOKEN_URL, data={
        'grant_type': 'authorization_code',
        'code': code,
        'redirect_uri': REDIRECT_URI,
        'client_id': CLIENT_ID,
        'client_secret': CLIENT_SECRET
    })
    
    app.logger.debug('Token response: %s', token_response.text)
    token_response_data = token_response.json()
    session['oauth_token'] = token_response_data['access_token']
    return 'Access token fetched successfully!'

@app.route('/profile')
def profile():
    """Fetching a protected resource using an OAuth 2 token.
    """
    access_token = session.get('oauth_token')
    headers = {'Authorization': f'Bearer {access_token}'}
    app.logger.debug('Fetching profile with token: %s', access_token)
    response = requests.get(f'{API_BASE_URL}/profile', headers=headers)
    app.logger.debug('Profile response: %s', response.text)
    return response.json()

if __name__ == '__main__':
    import logging
    logging.basicConfig(level=logging.DEBUG)
    app.run(debug=True, port=3001)