The access token does not work on the blockchain workbench

auricio 21

I'm having trouble using the access token to access the blockchain workbench API, I'm using /oauth2/token to get the access token, but the access token doesn't work on the blockchain workbench. For some reason id_token is working when I send it to the blockchain workbench API.

AshokPeddakotla-MSFT 28,056 Reputation points

2021-03-03T13:31:21.66+00:00

@auricio Community SME's on this topic or our team will review your scenario and circle back at the possible earliest time.
SanaCMSFT-8922 301 Reputation points

2021-03-05T14:02:41.53+00:00

@auricio
Could you let us know the steps you are taking to generate the token?
Could you also try running the troubleshooting script with the appropriate lookback hours and see if you find any relevant info by checking the exceptions and service logs files you obtain?
auricio 21 Reputation points

2021-03-11T23:13:41.01+00:00

First I log in using the msal library, then I make a post request for "/oauth2/token". It returns refresh_token, id_token and access_token, however, access_token does not work on the blockchain workbench, the token that works is id_token. These are the requisition data:
requestBody = { code: code, client_id: clientId, client_secret: clientSecret, grant_type: 'authorization_code', redirect_uri: myRedirectURL, scopes: ["openid", "profile", "email", "User.Read", "User.ReadBasic.All", "offline_access"], };

It looks like id_token and access_token are exchanged.
SanaCMSFT-8922 301 Reputation points

2021-03-12T08:50:28.363+00:00

Could you also provide us with the error or issue you face when you try the access token and any doc that you are referring to?
And, may we know whose client id and client secret you are using here?
AshokPeddakotla-MSFT 28,056 Reputation points

2021-03-15T10:53:05.107+00:00

@auricio Did you get a chance to see Sana response? Do let us know the requested details for further troubleshooting
AshokPeddakotla-MSFT 28,056 Reputation points

2021-03-16T17:51:30.957+00:00

@auricio Are you still blocked? Please share the error details and other information requested for further help?
auricio 21 Reputation points

2021-03-16T18:01:37.793+00:00

It returns me error "401 unauthorized". The client_id is "5102d1dd-4069-47f5-9f8c-c88b7ee5860c" and the client_secret is "S-T-9 ~ Wzto8fzY04GFr6WGSc_J9uo9hR.T".
SanaCMSFT-8922 301 Reputation points

2021-03-17T12:12:25.757+00:00

Could you confirm if the client_id you are using is the app id for the workbench App and that you are an admin for that app?
And for the error that you are facing, do you see any detailed logs or message?
Alternatively, you can also refer to this doc for getting the bearer token to access the workbench APIs.

auricio 21

The client_id and resource are the same id, the id of my workbench application. I am the application administrator. The error only returns me unauthorized when I use access_token, whenever I use id_token it works.

const requestBody = {
            code: code,
            client_id: myWorkbenchAppID,
            client_secret: clientSecret,
            grant_type: 'authorization_code',
            redirect_uri: myRedirectURI,
            resource: myWorkbenchAppID,
        }

        try {
            const data = await axios({
                method: 'POST',
                url: `${authority}oauth2/token`,
                data: qs.stringify(requestBody),
                headers: { 'Content-Type': 'application/x-www-form-urlencoded' }
            });

            return data;
        } catch (error) {
            console.log(error);
        }

AshokPeddakotla-MSFT 28,056 Reputation points

2021-03-24T12:20:13.94+00:00

@auricio We hope you had a chance to check Sana's latest response. Do let us know if you have any further queries.

1 answer

SanaCMSFT-8922 301 Reputation points

2021-03-22T07:34:44.193+00:00

Ideally, access token should be used for API calls and not id token. Could you tell us if you see a WWW-Authenticate response header in the response that you obtain? It should contain info about why you are facing unauthorized error. You can also try checking the troubleshooting logs using the troubleshooting script sent before as it may also contain info about why you are facing the error accessing the API.
May we also know the library you are using to generate the access token and any documentation that you are following?
And, just in case, please make sure that you are not using an expired token and please generate a new one in case it is expired.
Please sign in to rate this answer.

0 comments No comments
Sign in to comment