Hi, long-time listener, first-time caller. I’ve searched here and Google extensively, combed the docs, but I’m at a loss. Surely I’m missing something simple here.
To start with, I’m creating my Android app by modifying photon-tinker-android. I’ve created the product in the Particle console, created simple auth credentials within the product, added these to the app as well as set the productMode and product_id resources in the app.
After calling startDeviceSetup from the (initialised) Device Setup Library, I’m able to log in fine but when pressing the “READY” button on the “Time to set up your…” screen I’m getting the following ParticleCloudException error shown in a pop-up:
Error
Could not communicate with Photon cloud. Make sure your Android device is connected to the internet and retry.
retrofit.RetrofitError: 400
This is both on an emulator (which I think doesn’t work with the setup SDK?) and actual phone.
Looking at the HTTP logs, the log in and token creation seems to be fine, but the call to /v1/products/6621/device_claims is failing with: "error":"invalid_scope","error_description":"Permission denied"
HTTP logs:
D/Retrofit: ---> HTTP POST https://api.particle.io/oauth/token
Authorization: Basic #####
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 74
D/Retrofit: grant_type=password&username=#####&password=#####
D/Retrofit: ---> END HTTP (74-byte body)
D/Retrofit: <--- HTTP 403 https://api.particle.io/oauth/token (2621ms)
date: Tue, 09 Oct 2018 13:11:33 GMT
content-type: application/json; charset=utf-8
content-length: 134
server: nginx
x-request-id: 96ec08ec-4311-4cf7-ba12-7cf4a1047cf3
D/Retrofit: access-control-allow-origin: *
cache-control: no-store
pragma: no-cache
OkHttp-Sent-Millis: 1539090693094
OkHttp-Received-Millis: 1539090693607
D/Retrofit: {"mfa_token":"#####","error":"mfa_required","error_description":"Multi-factor authentication required"}
D/Retrofit: <--- END HTTP (134-byte body)
D/Retrofit: ---> HTTP POST https://api.particle.io/oauth/token
Authorization: Basic #####
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 91
D/Retrofit: grant_type=urn%3Acustom%3Amfa-otp&mfa_token=#####
D/Retrofit: ---> END HTTP (91-byte body)
D/Retrofit: <--- HTTP 200 https://api.particle.io/oauth/token (523ms)
D/Retrofit: date: Tue, 09 Oct 2018 13:11:52 GMT
content-type: application/json; charset=utf-8
content-length: 161
server: nginx
x-request-id: 165f9206-587f-4952-a97a-20aca49f7f92
access-control-allow-origin: *
cache-control: no-store
pragma: no-cache
x-content-type-options: nosniff
OkHttp-Sent-Millis: 1539090711785
OkHttp-Received-Millis: 1539090712304
D/Retrofit: {"token_type":"bearer","access_token":"7ee...dd3","expires_in":7776000,"refresh_token":"552...2e9"}
D/Retrofit: <--- END HTTP (161-byte body)
D/Retrofit: ---> HTTP GET https://api.particle.io/v1/devices
Authorization: Bearer 7ee...dd3
---> END HTTP (no body)
D/Retrofit: <--- HTTP 400 https://api.particle.io/v1/devices (343ms)
date: Tue, 09 Oct 2018 13:11:53 GMT
content-type: application/json; charset=utf-8
content-length: 65
server: nginx
x-request-id: e2d376be-c390-4a92-8b5e-174195f40709
access-control-allow-origin: *
cache-control: no-store
pragma: no-cache
OkHttp-Sent-Millis: 1539090712578
OkHttp-Received-Millis: 1539090712919
D/Retrofit: {"error":"invalid_scope","error_description":"Permission denied"}
<--- END HTTP (65-byte body)
D/Retrofit: ---> HTTP POST https://api.particle.io/v1/products/6621/device_claims
Authorization: Bearer 7ee...dd3
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 24
D/Retrofit: blank=okhttp_appeasement
---> END HTTP (24-byte body)
D/Retrofit: <--- HTTP 400 https://api.particle.io/v1/products/6621/device_claims (528ms)
D/Retrofit: date: Tue, 09 Oct 2018 13:11:59 GMT
content-type: application/json; charset=utf-8
content-length: 65
server: nginx
x-request-id: 71997215-35f8-4b98-b88d-e381280a73b6
access-control-allow-origin: *
cache-control: no-store
pragma: no-cache
OkHttp-Sent-Millis: 1539090718848
OkHttp-Received-Millis: 1539090719370
D/Retrofit: {"error":"invalid_scope","error_description":"Permission denied"}
D/Retrofit: <--- END HTTP (65-byte body)
The actual Tinker app works fine.
Matt