Product Oauth client access token returns invalid_scope on all endpoints

Hi,

I created a product in the console and added a “custom” OAuth client with : scopes. I can POST /oauth/token and get a new access token.

When I try to call any product endpoints (like /products/product_id/devices) I get a 400 error with the message invalid_scope.

I tried adding some scope when creating the access token but none of the scopes I tested work. Documentation says : should give full permissions (to the product I assume) but I seem to have no access.

Can someone help me out here?

Hi Simon-

Yes, you should give full permissions. Are you not encountering a way to do this?

Hey, in case it helps, I use this web site to generate the api users and it works like wonders:

Good luck!
Gustavo.

I tried adding the : scope when creating an access token via the API but I just get an invalid_scope error.

Do I need to create an API user for the product in order to call API methods from my server? What is the point of the client_credentials flow then?

I checked the documentation for the API user and I don’t see a scope to create new integrations. My main goal with this was to automatically set up webhooks for our platform when we create a new instance of our app.

Hi,
I created 2 clients (just for testing) under my products with “custom” oauth client, type:installed, scope:full_permissions and then I was able to get info about clients and devices with this JS:

<!DOCTYPE html>
<html>
<head>
  <meta name="viewport" content="width=device-width">
  <meta charset="utf-8"/>
  <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css">
  <style>
    html {
      background-color: blue;
    }
  </style>
</head>
<body>
  <div id="hideme" style="display:block; margin-left: 4px; margin-top: 0px; background: transparent; opacity: 1; color: aqua; padding:5px 5px;"> TEST
    <p></p>
    <div style="display: inline-block; margin-left: 7px; margin-top: 0px; background: transparent; opacity: 1; border: 5px solid #c83349; padding:125px; max-width:100%;">
      <button id="Q1" onclick="letsTry();" style="background: transparent; color: #39a0ef;">click me<i class="fa fa-power-off" style="font-size: 480px;"></i></button>
    </div>
  </div>

  <script type="text/javascript">
    // OAuth client credentials and product ID (placeholders)
    const clientId = "YOUR_CLIENT_ID_HERE";
    const clientSecret = "YOUR_CLIENT_SECRET_HERE";
    const product = "YOUR_PRODUCT_ID_HERE";
    const url_oauth = "https://api.particle.io/oauth/token";
    const url_array = [
      "https://api.particle.io/v1/products/" + product + "/clients?",
      "https://api.particle.io/v1/products/" + product + "/devices?"
    ];
    // Form-encoded body for the client_credentials grant
    const data = "grant_type=client_credentials&client_id=" + encodeURIComponent(clientId) +
      "&client_secret=" + encodeURIComponent(clientSecret);

    // Request an access token from the OAuth endpoint
    async function LogAsClient(url) {
      const response = await fetch(url, {
        method: 'POST',
        mode: 'cors',
        headers: {
          'Content-Type': 'application/x-www-form-urlencoded'
        },
        body: data
      });
      return response.json();
    }

    // Call a product endpoint with the bearer token
    async function GetSomeData(url, tokus) {
      const response = await fetch(url, {
        method: 'GET',
        mode: 'cors',
        headers: {
          'Content-Type': 'application/json',
          'authorization': 'Bearer ' + tokus
        }
      });
      return response.json();
    }

    // Button handler: get a token, then query each product endpoint
    function letsTry() {
      LogAsClient(url_oauth)
        .then(token => {
          console.log(token);
          url_array.forEach(function (item) {
            GetSomeData(item, token.access_token)
              .then(result => {
                console.log(result);
              }).catch(err => {
                console.log(err);
              });
          });
        }).catch(err => {
          console.log(err);
        });
    }
  </script>
</body>
</html>

and here are some results:

Maybe this will help you somehow :slight_smile: :+1:
Best

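An added example, not code from any poster in this thread: the same client_credentials flow as in the page above, written for server-side JavaScript (Node 18+) so the client secret stays out of browser-delivered HTML, and with the `invalid_scope` response reported separately from credential failures. The function names, the injectable `fetchImpl` parameter and the error classification are assumptions of this example.

```javascript
const API = "https://api.particle.io"; // host used in the post above

// Token request for the client_credentials grant. URLSearchParams
// percent-encodes the values, so a secret containing "&" or "+" survives.
function buildTokenRequest(clientId, clientSecret) {
  const body = new URLSearchParams({
    grant_type: "client_credentials",
    client_id: clientId,
    client_secret: clientSecret,
  });
  return {
    url: `${API}/oauth/token`,
    init: {
      method: "POST",
      headers: { "Content-Type": "application/x-www-form-urlencoded" },
      body: body.toString(),
    },
  };
}

// Map an HTTP status plus JSON body to one of: ok, scope, auth, other.
// Assumes errors carry an "error" field, as in the invalid_scope case above;
// invalid_client is the RFC 6749 code for rejected client credentials.
function classify(status, json) {
  if (status >= 200 && status < 300) return "ok";
  if (json && json.error === "invalid_scope") return "scope";
  if (status === 401 || (json && json.error === "invalid_client")) return "auth";
  return "other";
}

// Fetch a token, then list the product's devices. fetchImpl is injectable so
// the flow can be exercised offline; pass globalThis.fetch for real calls.
async function listProductDevices(fetchImpl, creds, productId) {
  const { url, init } = buildTokenRequest(creds.clientId, creds.clientSecret);
  const tokenRes = await fetchImpl(url, init);
  const tokenJson = await tokenRes.json();
  const tokenKind = classify(tokenRes.status, tokenJson);
  if (tokenKind !== "ok") return { stage: "token", kind: tokenKind, body: tokenJson };

  const devicesUrl = `${API}/v1/products/${encodeURIComponent(productId)}/devices`;
  const res = await fetchImpl(devicesUrl, {
    headers: { Authorization: `Bearer ${tokenJson.access_token}` },
  });
  const json = await res.json();
  return { stage: "devices", kind: classify(res.status, json), body: json };
}
```

A result of `{ stage: "devices", kind: "scope" }` means the token was issued but rejected at the product endpoint, which is the situation the original question describes.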