Trouble getting /oauth/token to work

kai_vilbig · March 30, 2021, 3:03pm

I am developing a webapp that will take the user’s observations, assign stats to them, and they can use them for battle etc. Kinda like pokemonGO.

I got the initial login to work but the next step, doing the fetch(‘https://www.inaturalist.org/oauth/token’, doesnt seem to work for me…
I used:
const res = await fetch(‘https://www.inaturalist.org/oauth/token’, {
method: ‘POST’,
headers: {
“Content-Type”: “application/json”
},
body: JSON.stringify({
client_id,
client_secret,
code
})
})
and then I try to log the token but it just says token: NULL. What am I doing wrong?

I just need the user to log in so that the webapp can pull the users observations and such, as well as know that it is actually that person that is using the account. I belive that I can pull users observations without login but in my case I need to make sure that person is who they really are.

pisum · March 30, 2021, 3:56pm

welcome.

not sure exactly how you’re developing your app, but if you’re making a client-side app, you might want to look at the PKCE flow in the API reference page (https://www.inaturalist.org/pages/api+reference). for PKCE flow, you’ll need to set up your app to confidential=false, and then do something like what is described in this demo: aaronpk/pkce-vanilla-js: A demonstration of the OAuth PKCE flow in plain JavaScript (github.com), or else use a package that will handle PKCE flow.

if you have further questions, it might be helpful to provide more information about what exactly you’re developing…

kai_vilbig · March 30, 2021, 4:27pm

basically, I just need the user to log in so that the webapp can pull users observations so that I can assign stats to use for battle, sort of like PokemonGo. Right now I am just trying to get the login part to work so that I can pull userdata based on the username or ID or something that I can hopefully get from the login

pisum · March 30, 2021, 8:35pm

let me try asking the questions like this:

are you intending your web app run entirely on the client side? (or does the part that initiates the fetch of the token run on the client side?)
the code snippet you had earlier looks like Javascript. are you coding straight Javascript or are you using some library library?

kai_vilbig · March 30, 2021, 9:12pm

I believe its all client side, ill have to check again.
as for the code snippet, I was just making a testfile in js that could let me login to get userdata. the testfile was streight js.

pisum · March 30, 2021, 9:17pm

if you’re intending to do everything client side, please see my comments above, starting with:

system · May 29, 2021, 9:45pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Trouble with api_token authorization at https://api.inaturalist.org/v1/docs/#!/Comments/post_comments Bug Reports	6	462	September 22, 2020
Sign in with Google doesn't work Bug Reports	11	1126	November 10, 2020
Unable to pass login request with validated login info while I have several iNaturalist tabs open in the same browser with login status on Bug Reports web	2	348	December 8, 2020
Access_token lifetime Bug Reports question	5	443	September 22, 2020
App owner API authentication—what's my App ID? General question	2	359	July 10, 2023

Trouble getting /oauth/token to work

Related Topics