I am working on creating a pack and the service it needs to make requests to uses OAuth2, but expects client_secret to be sent in the body of the POST request to the token endpoint.
I saw AuthenticationType.CustomAuthentication, but I think it cannot be used to support this kind of authentication… am I right that for this service, I cannot currently implement a pack that authenticates this way? Or am I missing something?
This is when I run
coda auth from the cli. It appears the library (client-oauth2) used to make the request to the token endpoint won’t allow that.
Thanks for any guidance.
Hi William - It’s fairly standard to require the
client_secret in the request body, and a lot of major API providers (including Google) do so. Coda already sends the
client_secret in the request body on token requests, so you should be all set. Were you running into an issue?
Thanks for your help. Probably just a local issue then
To reproduce the issue I run:
npx coda auth pack.ts
With this minimum pack to reproduce the issue:
import * as coda from '@codahq/packs-sdk';
export const pack = coda.newPack();
The coda auth tool makes this request to the token URL (I hid the auth header and code values).
curl -H "accept: application/json, application/x-www-form-urlencoded" -H "content-type: application/x-www-form-urlencoded" -H "authorization: Basic 12345 -H "user-agent: Popsicle (https://github.com/serviejs/popsicle)" -H "Host: api.box.com" --data-binary "code=67890&grant_type=authorization_code&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Foauth" --compressed "https://api.box.com/oauth2/token"
Is there a way to instead make
coda auth send client_id/client_secret in the body of the request to the token URL?
@William_Riley-Land - Ah, it does seem like our CLI doesn’t do auth the same way as the server, which is what is causing the issue here. I’ve opened a bug with the engineering team to take a look into this.