I'm trying to get OAuth1 working with Trello by following these references:
1) General API docs https://developers.trello.com/v1.0/reference#api-key-tokens
2) Leads to app-key page https://trello.com/app-key
3) Leads to authorization-specific docs, in particular the OAuth section https://developers.trello.com/page/authorization#section-using-basic-oauth
4) Leads to the glitch example Node.js project https://glitch.com/edit/#!/trello-oauth
Now, I made my own remix of the glitch example per the instructions, and I updated the `.env` file to contain
TRELLO_KEY=<From the app-key page, my "Developer API Key" length 32 hexstring>
TRELLO_OAUTH_SECRET=<From the app-key page, my "OAuth Secret" length 64 hexstring>
Note that these variable names are different from the stock variable names of the unmodified glitch example Node.js project; for reference, the old variable names were
but I noticed that the `server.js` file makes no reference to these variables, and so I updated them accordingly.
With my TRELLO_KEY and TRELLO_OAUTH_SECRET provided to my remixed version of the Node.js project, I viewed it Live and attempted to go through the OAuth workflow.
The first step of hitting `https://trello.com/1/OAuthAuthorizeToken` seems to have worked because I was prompted with
Upon selecting "Allow", however, I see an empty page with just the text
Am I using incorrect values in the `.env` file, or something? My only suspicion is that I'm using the wrong TRELLO_KEY because I thought it slightly odd to be using the API Key (as generated by Trello) as if it were the OAuthV1 HMAC Consumer Key, but I assumed that this is just how Trello implements OAuthV1. I found no explicit mention of what the Consumer Key is supposed to be, for what that's worth.
Also for what it's worth, I can authenticate just fine and hit the REST API when going through the sandbox https://developers.trello.com/page/sandbox/. I realize that the authentication method in the sandbox is via the alternative method https://developers.trello.com/page/authorization#section-authorizing-a-client and not OAuthV1, but I felt compelled to mention this because it at least validates that my API Key (as generated by Trello) works.
I look forward to hearing back.
You're correct that the env keys are incorrect. They should be TRELLO_KEY and TRELLO_OAUTH_SECRET.
The `invalid token` is due to line 34 in server.js being hardcoded to the original Glitch project. I've changed it to dynamically determine the correct redirect URL.
Thanks for reaching out. I've updated the original Glitch example to fix both issues. Please remix it again and let me know if you need help with anything else.
Thanks for the response. I'm not sure how Trello implements its own /1/authorize/ endpoint, but I don't think it's the same thing as OAuthV1; it does look incredibly similar, though, with input parameters like 'scope', 'return_url', 'callback_method', etc.
The reason why I think that the API token you're referring to uses Trello's special /1/authorize/ endpoint and NOT the OAuthV1 protocol is because there are two separate sections in their Introduction to Auth page, and also because the API endpoints are just different (these URLs are taken from their docs page):
1) API Token method through Trello's own endpoint:
2) OAuth Token method through Trello's OAuthV1 endpoints:
https://trello.com/1/OAuthGetRequestToken https://trello.com/1/OAuthAuthorizeToken https://trello.com/1/OAuthGetAccessToken
If you had to thrive a new habit during a lockdown, what would it be? Trello
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event