Hello,
I’m using Erpnext oauth2 for my react application.
I configurated Oauth2 on my erpnext with Redirect URIs and Default Redirect URI is “https://localhost:3000/oauth2/callback”
Scopes: all openid
Grant Type: Authorization Code
Response Type: Code
But when I request to:
https://xxxx.com/api/method/frappe.integrations.oauth2.authorize?client_id=45b6a82ab7&state=444&response_type=code&scope=openid all&redirect_uri=https://localhost:3000/oauth2/callback
After login a received message: {“description”:“Mismatching redirect URI.”,“status_code”:400,“error”:“invalid_request”}
How to i fix that issue?
try to encodeURIComponent()
everything that is passed as param values.
https://xxxx.com/api/method/frappe.integrations.oauth2.authorize?client_id=45b6a82ab7&state=444&response_type=code&scope=openid all&redirect_uri=https://localhost:3000/oauth2/callback
this will become
https://xxxx.com/api/method/frappe.integrations.oauth2.authorize?client_id=45b6a82ab7&state=444&response_type=code&scope=openid%20all&redirect_uri=https%3A%2F%2Flocalhost%3A3000%2Foauth2%2Fcallback
2 Likes
Thanks you, it’s working.
And one else question.
If i used Simple Authentication via /api/method/login for custom login page in my react application.
How to i get bearer token after login? Or setting cookies samesite to none?
Because, after login i can’t get cookie sid for next request. The samesite cookies setting to lax.
My erpnext in azure cloud
My react frontend in my localhost for development mode
Thanks for your support. @revant_one
If you are going to use Bearer Token
from browser app then you will need to allow_cors in site_config.json of your ERPNext site. By using bearer token you don’t get any cookie. You can query the userinfo endpoint (/api/method/frappe.integrations.oauth2.openid_profile) with access token in Authorization header and get details about the user.
If you are going to use it with cookies you need to serve your react app along with ERPNext site on the same domain. Either use nginx to reverse proxy additional route or Add Single Page Application to website portal page
1 Like
How to i can get bearer token without oauth2?
OAuth 2 covers modern app authorization / revocation scenarios. Get the bearer token using the prescribed oauth2 flows.
Hack up anything! Add frappe whitelisted endpoints that in the end returns a new bearer token frappe.new_doc("OAuth Bearer Token")
something like this Trying to implement OTP login
1 Like