Answered

Can't create an authorization code

  • 30 November 2022
  • 6 replies
  • 224 views

Userlevel 2
Badge +1

Hi there, guys!

I’m trying to set up an API connection with Videoask. I've registered a new dev app to use live tokens. But can’t get a temporary authorization code due to these errors:

 “Error getting the bot detection challenge. Please contact the system administrator”

“{"crossDomain":true,"method":"POST","url":"https://auth.videoask.com/co/authenticate"}” 


So I’m sending https://auth.videoask.com/authorize get request and it returns an html. But when I’m previewing this page these errors above occured. Seems when I click Login that should redirect me with URL contained auth code as a parameter but it doesn’t work :( I’m using the same credentials as for the account where the app was created

Can anybody help with that?

 

 

icon

Best answer by andrew_videoask 30 November 2022, 14:43

View original

6 replies

Userlevel 7
Badge +5

Hi @Yuriy, you actually want to make that request directly in your browser.

If you try to make that request through something like the command line, an IDE, or Postman, it will give you an error.

Simply replace the client_id and redirect_uri parameters in this URL:

https://auth.videoask.com/authorize?response_type=code&audience=https://api.videoask.com/&client_id={your_client_id}&scope=openid%20profile%20email&redirect_uri=https://your-example-app.com/callback

Then paste that URL into your browser’s address bar. Once you do so, you should be able to log into/authenticate your VideoAsk account and see the authorization code.

Keep in mind that only you, as the account owner, need to do this when you’re first setting up your app. Your end users will never need to go through this process. 

I hope this helps, and let us know if you have any further questions!

Userlevel 2
Badge +1

@andrew_videoask Ohh really! Thank you so much! 

I was confused by documentation 

 

Userlevel 7
Badge +5

@Yuriy The previous paragraph mentions that the request should be made through a browser, though I definitely understand your confusion!

Thanks for your feedback. I hope we can update the authentication documentation soon to make it more user-friendly 🙂

Userlevel 2
Badge +1

@andrew_videoask Yeah, thanks!

@andrew_videoask I think the docs could be worded better, especially around refresh_token: I ended up having to use Auth0 docs directly: https://auth0.com/docs/secure/tokens/refresh-tokens/get-refresh-tokens

For anybody coming across this, here is the flow if you need a refresh token that can mint new access tokens:

  1. You authorise your app in the browser
    https://auth.videoask.com/authorize?response_type=code&audience=https://api.videoask.com/&client_id=${your_client_id}&scope=openid%20profile%20email%20offline_access&redirect_uri=${your_redirect_url}

    You should receive a code parameter in the querystring of the callback
     
  2. You then need to make a POST to the token endpoint once
    curl --request POST \
    --url 'https://auth.videoask.com/oauth/token' \
    --header 'content-type: application/x-www-form-urlencoded' \
    --data grant_type=authorization_code \
    --data 'client_id={yourClientId}' \
    --data 'client_secret={yourClientSecret}' \
    --data 'code={yourCodeFromPreviousStep}' \
    --data 'redirect_uri={https://yourApp/callback}'
    In this response, you should see the refresh_token which can be used for asynchronous, long-term access

My reading of the docs is that it sounds like you’ll get the refresh_token in the response to the offline_access scoped authorize call – you won’t.

  1.  

Userlevel 7
Badge +5

Hey @Fork thank you so much for sharing this, I’m sure people trying to navigate the API docs will appreciate your help and I will be passing this onto the team to review as we continue to update the API and documentation 🙏

Reply