Test OAuth process of our private app

We are developing an app on the Yext platform.
The app will be public but is private at the moment.

We would like to test the OAuth flow as described in Setup OAuth Process | Hitchhikers
The endpoint https://api.yext.com/oauth2/accesstoken?client_id=0bd... returned a 404 response to us.

So my questions are:

  1. Is that OAuth endpoint available only for public apps? How can we test for a private app?
  2. Say we obtain the access token of a client, will it expire after some period of time?
  3. If yes, how do we refresh the access token?

Thank you so much for your help.

Hi there, apologies for the delay getting back to you on this! See below for answers to your questions:

  1. The OAuth endpoint is the same for both a Private and Public app.

  2. The access token will not expire.

Could you please send the full endpoint URL you are using, omitting the sensitive information? I want to verify that the structure of your URL matches what is expected. This may be what is leading to the 404 error.

Thanks so much.

Hi Sonia,

Thanks for the clarification about the OAuth endpoint and access token lifespan.

The request I made is like this:
https://api.yext.com/oauth2/accesstoken?client_id=0123456789abcdef0123456789abcdef&redirect_uri=https%3A%2F%2Fexample.app%2Foauth%2Finstall&state=abcde&response_type=code&grant_type=authorization_code

And I got a 404 Not Found error

Thanks for sending. Can you please confirm if you are building in a Sandbox or Production environment?

As mentioned in this post, the access token URL is different if you are developing in Sandbox.

If you are building in Production I will look into any additional causes for error with the URL.

Thanks!

I log in via Yext Login, so that should be the Production environment.

Hi,

Are you making a POST request or a GET request? You will need to make a POST request - if it’s not a POST you will get the 404 error. Let me know which you are using and that will help me further troubleshoot if needed.

The document says:

To initiate the OAuth process, redirect the customer to the URL below…

That makes me think it’s a GET request.

Now I tried the POST request and got a different error.
curl --location --request POST 'https://api.yext.com/oauth2/accesstoken?client_id=xxx&redirect_uri=xxx&state=xxx&response_type=code&grant_type=authorization_code'
{"error_description":"Missing required request params.","error":"invalid_request"}

Hi,

It looks like there may actually be an error in this guide - can you swap out /accesstoken in the URL for /authorize?

To clarify, https://www.yext.com/oauth2/authorize is the GET endpoint that you redirect the user to in order to log in, and https://api.yext.com/oauth2/accesstoken is the POST endpoint that you use to exchange your auth code for an access token afterwards.

We will ensure the guide is updated so this is more clear! Let me know if you are still having any issues.

Thanks Sonia,

With the correct endpoint I can obtain the authorization code, yet I still have a problem exchanging it for the access token:
curl -X POST https://api.yext.com/oauth2/accesstoken -H "Content-Type: application/x-www-form-urlencoded" -d "client_id=xxx&client_secret=xxx&code=xxx&redirect_uri=https%3A%2F%2Fyext-app.locafy.dev%2Foauth"
Response: 400 Bad Request
{"error_description":"Missing required request params.","error":"invalid_request"}

Can you try including grant_type=authorization_code ? Let me know if you are still getting an error.

Thank you Sonia, it works perfectly.
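
The two-step flow this thread arrives at, as an added example that is not part of the original posts and is not Yext's own code: a GET redirect to /authorize carrying a random `state`, a callback check of that `state`, then a POST to /accesstoken with `grant_type=authorization_code` and the secret in the form body. It assumes the callback returns `code` and `state` as query parameters, as in standard OAuth 2.0; the function names and sample values are constructed for illustration.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs
from urllib.request import Request

AUTHORIZE_URL = "https://www.yext.com/oauth2/authorize"  # GET: the user is redirected here
TOKEN_URL = "https://api.yext.com/oauth2/accesstoken"    # POST: server-to-server exchange
TOKEN_PARAMS = ("client_id", "client_secret", "code", "redirect_uri", "grant_type")


def build_authorize_url(client_id, redirect_uri):
    """Return (url, state); store state in the user's session for the callback check."""
    state = secrets.token_urlsafe(32)
    query = urlencode({"client_id": client_id, "redirect_uri": redirect_uri,
                       "response_type": "code", "state": state})
    return f"{AUTHORIZE_URL}?{query}", state


def code_from_callback(callback_url, expected_state):
    """Extract the authorization code, rejecting a missing or mismatched state."""
    params = parse_qs(urlsplit(callback_url).query)
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback does not match our redirect")
    if "code" not in params:
        raise ValueError("callback carries no authorization code")
    return params["code"][0]


def build_token_request(client_id, client_secret, code, redirect_uri):
    """Build the code-exchange POST; the secret travels in the body, never the URL."""
    form = {"client_id": client_id, "client_secret": client_secret, "code": code,
            "redirect_uri": redirect_uri, "grant_type": "authorization_code"}
    missing = [k for k in TOKEN_PARAMS if not form.get(k)]
    if missing:  # the thread's 400 "Missing required request params." case
        raise ValueError(f"missing required params: {missing}")
    return Request(TOKEN_URL, data=urlencode(form).encode(), method="POST",
                   headers={"Content-Type": "application/x-www-form-urlencoded"})


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    redirect = "https://example.app/oauth/install"
    url, state = build_authorize_url("0123456789abcdef0123456789abcdef", redirect)
    code = code_from_callback(f"{redirect}?code=SAMPLECODE&state={state}", state)
    req = build_token_request("0123456789abcdef0123456789abcdef", "SAMPLESECRET",
                              code, redirect)
    print(url, req.get_method(), req.full_url, req.data.decode(), sep="\n")
```

The request object is only built here, not sent; pass it to `urllib.request.urlopen` from server-side code so the client secret never reaches the browser.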