2

Basically I'm trying to create a website that requires interfacing with the Discord API to retrieve user information to work.

To do this, I am using a library called Simple OAuth (https://github.com/lelylan/simple-oauth2) and cannot get my authorization code to return a token using it. I've looked through some of the source code for the lib. and it is using POST, which appears to be the main issue when getting "Method Not Allowed" errors. I am following the Authorization Code flow example, and here is my code:

index.js

var express = require('express'),
    request = require('request');
var router = express.Router();
var config = require('../config.json');
var oauth2 = require('simple-oauth2').create(config.credentials);
var authorizationUri = oauth2.authorizationCode.authorizeURL({
    redirect_uri: config.redirect_uri,
    scope: config.scope,
    state: config.state
});
router.get('/login', function(req, res) {
    console.log(authorizationUri);
    res.redirect(authorizationUri);
});
router.get('/callback', function(req, res) {
    var code = req.query.code;
    var tokenConfig = {
        code: code
    };
    oauth2.authorizationCode.getToken(tokenConfig, function(err, result) {
        if (err) {
            console.error('Access Token Error', err.message);
            return res.json('Authentication failed');
        } 
        console.log('The resulting token:', result);
        var token = oauth2.acessToken.create(result);
        return res.status(200).json(token);
    });
});
module.exports = router;

According to the example, this code block should work. (And in case you were wondering, here's my config file:)

config.json

{
    "credentials": {
        "client": {
            "id": "...",
            "secret": "..."
        },
        "auth": {
            "tokenHost": "https://discordapp.com/api",
            "authorizePath": "/oauth2/authorize",
            "tokenPath": "/oauth2/token",
            "revokePath": "/oauth2/token/revoke"
        }
    },
    "redirect_uri": ".../callback",
    "scope": "identify",
    "state": "..."
}

The program is getting the state and code back perfectly fine, but when I try to POST it back to get the token I keep receiving error 405, method not allowed.

Jndachenhaus
  • 25
  • 1
  • 4

1 Answers1

2

You are getting a 405 because you are resolving to the wrong URL for the token endpoint. The library you use sets the tokenurl as:

const tokenUrl = url.resolve(config.auth.tokenHost, config.auth.tokenPath);

So:

url.resolve('https://discordapp.com/api', '/oauth2/token')

will resolve to:

https://discordapp.com/oauth2/token

which will give you a 405 response. I think you just need to add a "/" to the end of your tokenHost value.

i.e. change your config to:

    "auth": {
        "tokenHost": "https://discordapp.com/api/",
        "authorizePath": "/oauth2/authorize",
        "tokenPath": "/oauth2/token",
        "revokePath": "/oauth2/token/revoke"
    }

or:

    "auth": {
        "tokenHost": "https://discordapp.com",
        "authorizePath": "/oauth2/authorize",
        "tokenPath": "/api/oauth2/token",
        "revokePath": "/api/oauth2/token/revoke"
    }

and that should correctly resolve the token url.

iandayman
  • 3,947
  • 28
  • 33