Refresh Token authorization call

fargas · April 20, 2021, 11:28am

I am trying to get an authorization token from the refresh token authorization call with Home Connect. Apparently the following code is correct (I am not sure though, sorry) but I always get “400 (Bad Request)”, although from Postman the code works well, provided that you take into account to avoid some characters substitution, as pointed below (sorry for the bad formatting I do not know how to better paste it).

function HttpRefreshToken() {
//var TokenResult = http.post('https://api.home-connect.com/security/oauth/token?grant_type=refresh_token&refresh_token="' + refreshToken + '"&client_secret=' + clientSecret);

var baseUrl = "https://api.home-connect.com/security/oauth/token";
var httpHeaders = {
    headers: {
        "Content-Type": "application/x-www-form-urlencoded"
    }
};
var body = '{"data": {"grant_type": "refresh_token", "refresh_token": "' + refreshToken + '", "client_secret": "' + clientSecret + '"}}';
var TokenResult = http.post(baseUrl, body, httpHeaders);

if (!TokenResult.data.error) {
    return TokenResult.data.access_token;
} else {
    return null;
}
}

The first commented line does not work so I tried the last command with parameters…

According to technical support:
"Body params will be the best choice. Code obviously handle some information encoded with base64 and need to be decoded on the backend. Some browsers intend to change some symbols to others in http urls. Correct base64 encoded information can contain following symbols:
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=
"
Is there a way to modify the code to make it work? Many thanks!, and sorry for my lack of knowledge ;-(

bill · April 20, 2021, 3:14pm

Your “body” should be an object, not a string. Try this:

var body = {"data": {"grant_type": "refresh_token", "refresh_token":  refreshToken , "client_secret": clientSecret }};

fargas · April 20, 2021, 6:24pm

Bill,
Originally I had already tried that with the same result error, 400 bad request…
My feeling is that since the refresh_token has a final “=” character, this might be confused or replaced by the POST call?, but I am not sure if this is the problem at all?
Many thanks for your fast reply!

bill · April 20, 2021, 6:41pm

That last = character isn’t a problem. That’s a normal character for these types of requests.

fargas · April 20, 2021, 8:24pm

What about this call:

var TokenResult = http.post(‘https://api.home-connect.com/security/oauth/token?grant_type=refresh_token&refresh_token="’ + refreshToken + ‘"&client_secret="’ + clientSecret + ‘"’);

It does not work either…, with or without quotes…

bill · April 20, 2021, 8:28pm

When you send a POST you’re supposed to actually include some data. That’s just a URL. You should probably be using a GET.

fargas · April 20, 2021, 8:37pm

I just changed the post by get and it does not work, I get the error: “No public methods with the specified arguments were found.”

The following is the Postman call which works:

RedGrant · April 21, 2021, 6:21am

What could help, is using WireShark. By comparing what Postman and HomeRemote is sending, you might find the culprit.

fargas · April 21, 2021, 7:27am

Wow, that will be great, but unfortunately with my lack of knowledge I am not sure if I will be able to use it… I had a look to the manual and it does not seem very straightforward… Many thanks for your suggestion!

RedGrant · April 21, 2021, 1:39pm

Reading the data could look complicated, but capturing and saving the data is rather straightforward. You could ask if Bill is willing to read the saved data. I could have a look too, just PM me.

When you start WireShark you have to select a network connection (normally Wi-Fi or Ethernet). Most of the time the correct one is already selected. Then select the Shark Icon to the upper left (start capturing packets). Run the command in Postman or Home Remote, wait approx. 1-2 seconds and stop the capturing of packets (Stop icon right of Shark icon). Now you can save what have been captured in a file. You can send that file to others. One important thing: start your command approx. 1-2 seconds after starting capturing packets. Just to make sure that not too much data have to be inspected.

bill · April 21, 2021, 3:30pm

Why did you add this root “data” element to the “body”?

You aren’t doing that in your PostMan screenshot.

What you should actually be using is this:

var body = {"grant_type": "refresh_token", "refresh_token":  refreshToken , "client_secret": clientSecret };

fargas · April 21, 2021, 5:28pm

Bill and RedGrant, sorry about my stupid mistake!
Bill was right, I don’t know why the “data” attribute was there?
It is working very well now!, the token is automatically refreshed and the plugin works very well now!
I will post the plugin update.
Many thanks to both of you and sorry for the time I made you spend on this ;-(

PD: RedGrant, I will mak note of WireShark for the future…