Trello OAuthV1 'invalid token' in Glitch Example

Tuan Nguyen August 31, 2018

I'm trying to get OAuth1 working with Trello by following these references:

 

1) General API docs https://developers.trello.com/v1.0/reference#api-key-tokens

2) Leads to app-key page https://trello.com/app-key

3) Leads to authorization-specific docs, in particular the OAuth section https://developers.trello.com/page/authorization#section-using-basic-oauth

4) Leads to the glitch example Node.js project https://glitch.com/edit/#!/trello-oauth

 

Now, I made my own remix of the glitch example per the instructions, and I updated the `.env` file to contain

TRELLO_KEY=<From the app-key page, my "Developer API Key" length 32 hexstring>
TRELLO_OAUTH_SECRET=<From the app-key page, my "OAuth Secret" length 64 hexstring>

 

Note that these variable names are different from the stock variable names of the unmodified glitch example Node.js project; for reference, the old variable names were

TRELLO_OAUTH_TOKEN_ONE=
TRELLO_OAUTH_TOKEN_TWO=

but I noticed that the `server.js` file makes no reference to these variables, and so I updated them accordingly.

 

With my TRELLO_KEY and TRELLO_OAUTH_SECRET provided to my remixed version of the Node.js project, I viewed it Live and attempted to go through the OAuth workflow.

The first step of hitting `https://trello.com/1/OAuthAuthorizeToken` seems to have worked because I was prompted with

Let Trello OAuth Example use your account?

Upon selecting "Allow", however, I see an empty page with just the text

"invalid token"

Am I using incorrect values in the `.env` file, or something? My only suspicion is that I'm using the wrong TRELLO_KEY because I thought it slightly odd to be using the API Key (as generated by Trello) as if it were the OAuthV1 HMAC Consumer Key, but I assumed that this is just how Trello implements OAuthV1. I found no explicit mention of what the Consumer Key is supposed to be, for what that's worth.

 

Also for what it's worth, I can authenticate just fine and hit the REST API when going through the sandbox https://developers.trello.com/page/sandbox/. I realize that the authentication method in the sandbox is via the alternative method https://developers.trello.com/page/authorization#section-authorizing-a-client and not OAuthV1, but I felt compelled to mention this because it at least validates that my API Key (as generated by Trello) works.

 

I look forward to hearing back.

3 answers

1 vote
khanh
Atlassian Team
September 12, 2018

Hi Tuan,

You're correct that the env keys are incorrect. They should be TRELLO_KEY and TRELLO_OAUTH_SECRET.

The `invalid token` is due to line 34 in server.js being hardcoded to the original Glitch project. I've changed it to dynamically determine the correct redirect URL.

Thanks for reaching out. I've updated the original Glitch example to fix both issues. Please remix it again and let me know if you need help with anything else.

Cheers,

Khanh

Tuan Nguyen September 12, 2018

Hi Khanh,

I was able to remix the new Glitch example and successfully go through the OAuth workflow--thank you so much for fixing this! Now I can go debug my application knowing that my app key and secret are functional, which I very much appreciate.

Cheers!

Tuan
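
One way to derive the redirect URL per deployment instead of hardcoding it, as Khanh's answer above describes. This is an added example, not the Glitch project's `server.js`. The allowlisted host, the `/callback` path, the use of HTTPS and all function names are assumptions, and the sample host is constructed.

```javascript
// Added example, not the Glitch project's server.js. ALLOWED_HOSTS, the
// /callback path and every function name here are assumptions for illustration.
const ALLOWED_HOSTS = new Set(['my-remix.glitch.me']); // constructed value
const CALLBACK_PATH = '/callback';

// Derive oauth_callback from the host serving this request, but only if that
// host is one we expect: the Host header is client-controlled input.
function callbackUrlFor(req, allowed = ALLOWED_HOSTS) {
  const host = String(req.headers.host || '').toLowerCase();
  if (!allowed.has(host)) throw new Error(`unexpected host: ${host}`);
  return `https://${host}${CALLBACK_PATH}`;
}

// Request-token secrets live only in the app that asked for the token, so a
// redirect sent to any other deployment cannot be completed there.
const pending = new Map(); // oauth_token -> { secret, callback }

// Call this after /1/OAuthGetRequestToken returns a token and secret.
function rememberRequestToken(token, secret, callback) {
  pending.set(token, { secret, callback });
}

// Handle the redirect back from /1/OAuthAuthorizeToken. Returns what is needed
// to call /1/OAuthGetAccessToken, or throws if this app never issued the token.
function handleCallback(req) {
  const url = new URL(req.url, callbackUrlFor(req));
  const token = url.searchParams.get('oauth_token');
  const verifier = url.searchParams.get('oauth_verifier');
  const entry = pending.get(token);
  if (!entry || !verifier) throw new Error('unknown or incomplete request token');
  if (entry.callback !== `${url.origin}${url.pathname}`) {
    throw new Error('callback arrived at a URL other than the one registered');
  }
  pending.delete(token); // request tokens are single use
  return { token, secret: entry.secret, verifier };
}
```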

0 votes
Tuan Nguyen September 6, 2018
0 votes
marc -Collabello--Phase Locked-
Community Leader
September 1, 2018

As I understand it, Trello uses OAuthv1 to get you an API token. Once you have this API token, you don't need OAuth anymore.

Tuan Nguyen September 4, 2018

Hi Marc,

 

Thanks for the response. I'm not sure how Trello implements its own /1/authorize/ endpoint, but I don't think it's the same thing as OAuthV1; it does look incredibly similar, though, with input parameters like 'scope', 'return_url', 'callback_method', etc.

 

The reason why I think that the API token you're referring to uses Trello's special /1/authorize/ endpoint and NOT the OAuthV1 protocol is because there are two separate sections in their Introduction to Auth page, and also because the API endpoints are just different (these URLs are taken from their docs page):

 

1) API Token method through Trello's own endpoint:

https://trello.com/1/authorize?expiration=1day&name=MyPersonalToken&scope=read&response_type=token&key={YourAPIKey}

 

2) OAuth Token method through Trello's OAuthV1 endpoints:

https://trello.com/1/OAuthGetRequestToken
https://trello.com/1/OAuthAuthorizeToken
https://trello.com/1/OAuthGetAccessToken

 

Cheers,

Tuan
