Unable to authorize: invalid code verifier

Hi Support,

We are testing our integration with lightspeed, and I keep struggling to setup the authorization between strobbo and lightspeed for one of our customers:

 Customer details

ClientId: cG1EoAoAkwtRsTKxj1cFNTirXI7DeYxa

Executed steps to authorize:

  1. We generate the following authorization URL:

https://accounts.lightspeedapp.com/?client_id=cG1EoAoAkwtRsTKxj1cFNTirXI7DeYxa&response_type=code&response_mode=query&scope=openid+profile+email&redirect_uri=https://owr-public-services-dev.azurewebsites.net/api/webhook/lightspeed&prompt=&state=strobbo-t:DEV_BavetNL-c:1-w:1

 

  1. She authenticates, and grants access to strobbo what results in a redirect to our redirectURL: https://owr-public-services-dev.azurewebsites.net/api/webhook/lightspeed?state=strobbo-t:DEV_BavetNL-c:1-w:1&code={{code}}
  2. When the redirectURL is accessed, we execute a POST https://lightspeedapis.com/resto/oauth2/v1//token request with the given code
  3. grant_type=authorization_code&redirect_uri=https%3A%2F%2Fowr-public-services-dev.azurewebsites.net%2Fapi%2Fwebhook%2Flightspeed&code_verifier=S7HqB8pNOeaIg1qyx~LrGFrHgS8gVx5BVFb1NDXQqoixjjOXsrOz-YuL1Hf8gUUNM6tKHRUboEZgFXwxZ_oXNKBDz9FAjFrwohyJG.euLc3j14EqEvLQcz2bDEgmoyT0&code={{code}}

 

Unfortunately, this keeps returning the following error:

{"code":"bad_request","message":"Bad Request","statusCode":400,"details":[{"code":"code_verifier_invalid","field":"code_verifier","message":"invalid code verifier passed"}]}


When I try to authorize with our staging account, is works as a charm but unfortunately I don’t manage to get it working for our production customer. I am quite sure our code_verifier/challenge is correct since we use exactly the same as we do when we test with our staging account ([email protected])

Can you help us out please?

5 comments

  • LucienVersendaalLucienVersendaal Moderator, Lightspeed Staff Posts: 723 moderator

    Hi @GeertG1987,

    Thank you for reaching out to us.

    When testing your app in production you can't use your staging account, these are different servers. So I will create a production account for you, please check your email for all details.

    I hope this helps.

  • GeertG1987GeertG1987 Member Posts: 5

    I didn't receive any email, not sure to which email it is send? Please send it to [email protected]

  • GeertG1987GeertG1987 Member Posts: 5

    @LucienVersendaal We are still blocked with the authorization, can you please help us out? I didn't receive any email with any information about our production account. Please send the mail to [email protected]

  • LucienVersendaalLucienVersendaal Moderator, Lightspeed Staff Posts: 723 moderator

    Hi @Geert,

    I'm sending you an email about this.

  • GeertG1987GeertG1987 Member Posts: 5

    @LucienVersendaal not sure to which email address you are sending the mail, but I still didn't receive anything. (also checked my spam/junk email)...

    We really need to be able to test the OAuth2 in production since we received the following communication a while back:

    This also marks the end of support for our previous authentication mechanism that required partners to obtain a special partner account from Lightspeed.

    Effective January 1, 2020, all new integrations must utilize OAuth2 for authentication. Existing integrations will have until November 1, 2020, to transition to OAuth2.


    If we can’t test the new authorization in production, our integration will stop working, and our customers will start complaining…

Sign In or Register to comment.