Forum Discussion

PeterAldridge's avatar
5 months ago

Authorisation Failing - Short Access Code

Hey guys,

I am trying to re-authenticate an existing client with our App however when we do the request to 

https://secure.myob.com/oauth2/account/authorize?client_id=[YOUR API KEY]&redirect_uri=[URL_ENCODED_REDIRECT_URI]&response_type=code&scope=CompanyFile

 

We are returned an access code that seems to be a lot shorter than we have received with other clients in the past.

Access Code Received - ory_ac_1sc4FIfeH-u8dPoICPPgW0fUGYPPwapusZ5nn9SF5Kc.RXfPV8s03zS2LUwPw2Kj869gq3h4YGVzmT86Ra49NmI

When we post this to the https://secure.myob.com/oauth2/v1/authorize

We receive a HTTP 400 Bad Request. I am assuming this is due to the short access code and it is failing some validation on MYOB's end. And it is passing back a Bad Request Status.

 

Any help would be greatly appreciated.

  • Doreen_P's avatar
    Doreen_P
    MYOB Moderator

    Hey PeterAldridge,

     

    I get that you're having issues re-authenticating your client with your app. Hopefully another developer in the community can get you a response soon; otherwise, feel free to reach out to the support team via developer.myob.com.

     

    Best regards,

    Doreen

  • I suspect it's not the Auth Code.  I've found problems trying to retrieve the tokens too.  Check your return URL and make sure you remove any trailing forward slashes.  They seem to have changed something around this and despite it working previously, my projects have been hitting roadblocks due to things like this.

  • The_Doc's avatar
    The_Doc
    Ultimate Cover User

    Hi PeterAldridge 

    I have been getting this for an entire week and Tana in tech seems to be going around in circles obviously not getting an answer to why.

    I get EXACTLY what you get - and there is no forward slashes or anything in my redirect.

    I even changed my redirect from http://desktop  to http://localhost - I still got but the Access Code but there was no json payload which should give you a blank page without an error with an embedded token that can be extracted easily as it starts with "Code".

    No matter whether I use a different server, laptop, totally rebuilt laptop Win 11 using Edge browser the result is identical.

    My last post to Tana was that the Elephant in the room seems to be that the initial GET for an Access Code seems to be no longer valid - I just cannot get someone to agree and say "yes" or "no".

     

    Unfortunately all my code is MSAccess 2019 - the Edge Browser comes only in the Access 365 version yet I doubt this will be the answer - I am going to try to spin up a VB.Net program in Visual Studio using MYOB's latest SDK - I believe a WebViewer2.Net is available but I still believe the result will be the same.

     

    The Doc

    • Mike_James's avatar
      Mike_James
      Ultimate Cover User

      Hi The_Doc , we are experiencing exactly the same issue. I sent a support request to the API support team this morning. 

      Our app is configured to use the latest IE or Edge, whatever is found, so I doubt that the IE version on our side is the problem. 

      • Mike_James's avatar
        Mike_James
        Ultimate Cover User

        PS. Same as the OP here, I noticed that the access code is now much shorter and starts "ory_...". 

        A comment was made by MYOB staff last week as follows: "At this stage we are not sure what actually caused this issue, but identity services are going through some changes which may have caused this issue. We will find out. "

        I suspect that MYOB have taken on a third-party identity services product, which explains the change of behaviour. I found www.ory.sh, which appears to provide this kind of service. 

        Perhaps MYOB could confirm this, and explain how we should proceed now?