It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Trello OAuthV1 'invalid token' in Glitch Example

I'm trying to get OAuth1 working with Trello by following these references:

 

1) General API docs https://developers.trello.com/v1.0/reference#api-key-tokens

2) Leads to app-key page https://trello.com/app-key

3) Leads to authorization-specific docs, in particular the OAuth section https://developers.trello.com/page/authorization#section-using-basic-oauth

4) Leads to the glitch example Node.js project https://glitch.com/edit/#!/trello-oauth

 

Now, I made my own remix of the glitch example per the instructions, and I updated the `.env` file to contain

TRELLO_KEY=<From the app-key page, my "Developer API Key" length 32 hexstring>
TRELLO_OAUTH_SECRET=<From the app-key page, my "OAuth Secret" length 64 hexstring>

 

Note that these variable names are different from the stock variable names of the unmodified glitch example Node.js project; for reference, the old variable names were

TRELLO_OAUTH_TOKEN_ONE=
TRELLO_OAUTH_TOKEN_TWO=

but I noticed that the `server.js` file makes no reference to these variables, and so I updated them accordingly.

 

With my TRELLO_KEY and TRELLO_OAUTH_SECRET provided to my remixed version of the Node.js project, I viewed it Live and attempted to go through the OAuth workflow.

The first step of hitting `https://trello.com/1/OAuthAuthorizeToken` seems to have worked because I was prompted with

Let Trello OAuth Example use your account?

Upon selecting "Allow", however, I see an empty page with just the text

"invalid token"

Am I using incorrect values in the `.env` file, or something? My only suspicion is that I'm using the wrong TRELLO_KEY because I thought it slightly odd to be using the API Key (as generated by Trello) as if it were the OAuthV1 HMAC Consumer Key, but I assumed that this is just how Trello implements OAuthV1. I found no explicit mention of what the Consumer Key is supposed to be, for what that's worth.

 

Also for what it's worth, I can authenticate just fine and hit the REST API when going through the sandbox https://developers.trello.com/page/sandbox/. I realize that the authentication method in the sandbox is via the alternative method https://developers.trello.com/page/authorization#section-authorizing-a-client and not OAuthV1, but I felt compelled to mention this because it at least validates that my API Key (as generated by Trello) works.

 

I look forward to hearing back.

3 answers

1 vote
khanh Atlassian Team Sep 12, 2018

Hi Tuan,

You're correct that the env keys are incorrect. They should be TRELLO_KEY and TRELLO_OAUTH_SECRET.

The `invalid token` is due to line 34 in server.js being hardcoded to the original Glitch project. I've changed it to dynamically determine the correct redirect URL.

Thanks for reaching out. I've updated the original Glitch example to fix both issues. Please remix it again and let me know if you need help with anything else.

Cheers,

Khanh

Hi Khanh,

I was able to remix the new Glitch example and successfully go through the OAuth workflow--thank you so much for fixing this! Now I can go debug my application knowing that my app key and secret are functional, which I very much appreciate.

Cheers!

Tuan

0 votes
marc Community Leader Sep 01, 2018

As I understand it, Trello uses Oauthv1 to get you an API token.  Once you have this API token, you don't need Oauth anymore.

Hi Marc,

 

Thanks for the response. I'm not sure how Trello implements its own /1/authorize/ endpoint, but I don't think it's the same thing as OAuthV1; it does look incredibly similar, though, with input parameters like 'scope', 'return_url', 'callback_method', etc.

 

The reason why I think that the API token you're referring to uses Trello's special /1/authorize/ endpoint and NOT the OAuthV1 protocol is because there are two separate sections in their Introduction to Auth page, and also because the API endpoints are just different (these URLs are taken from their docs page):

 

1) API Token method through Trello's own endpoint:

https://trello.com/1/authorize?expiration=1day&name=MyPersonalToken&scope=read&response_type=token&key={YourAPIKey}

 

2) OAuth Token method through Trello's OAuthV1 endpoints:

https://trello.com/1/OAuthGetRequestToken
https://trello.com/1/OAuthAuthorizeToken
https://trello.com/1/OAuthGetAccessToken

 

Cheers,

Tuan

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Trello

Develop a new Habit during Lockdown

If you had to thrive a new habit during a lockdown, what would it be? Trello

1,520 views 13 5
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you