syedm
(Syed)
August 31, 2021, 11:39am
#1
Hi All,
In a custom app with Oauth, during onAppInstall event I am trying to make a POST request call to a third party API with Basic Auth for which I have to use the Oauth Access Token as username and X as password.
Here is the code below:
$request.post('https://thirdparty.com', {
headers: {
Authorization : `Basic <%= encode(access_token + ':X') %>`
},
body: JSON.stringify({
"webhook_url": targetUrl,
})
})
I am getting this error:
{“status”:400,“headers”:{},“response”:“Error while substituting the templates”,“errorSource”:“APP”}
Have I made any mistake in:
Authorization : `Basic <%= encode(access_token + ':X') %>`
Is there any other way to access the Oauth access_token instead of using templating?
Thanks,
Syed
Hi Syed,
I also faced same issue, which is fixed by freshworks support specialists
syedm
(Syed)
August 31, 2021, 1:14pm
#3
Hey Furqan,
Could you kindly tell me what was the fix given by the support specialists?
Is it something that we have to do in the code or is it something that the specialist perform in their end?
Thanks
Syed
Hello,
Unfortunately No, that is fixed by their side.
@velmurugan can u please look into this issue, that you had solved for me.
Thanks,
Furqan
velmurugan
(Velmurugan Balasubramanian)
September 1, 2021, 4:12am
#5
Hey @syedm ,
You are facing this issue due to recent security updates in our platform, you can fix this issue by whitelisting the domain in the manifest.json file, you can follow the Whitelisted-Domains section in this link to learn how to whitelist your domain.
you can also check out more about our recent security updates in the below forum threads,
Dear Freshworks App Developers,
We hope this update finds you in health and safety.
From our last announcement related to a security update on the platform, you would have learned that we are lining up a few enhancements to improve the security posture of our platform.
We also want to assure you that this is the last planned deployment that comes without a heads-up to help you prepare for the change. As always, our analysis gives us confidence that this change will have a little overall impac…
Dear Freshworks App Developers,
We hope this update finds you in health and safety.
As we continue to invest in improving the security posture of your platform, we would like to share an update regarding an upcoming change with respect to what Serverless Apps developers should expect and prepare for.
Starting July 25 2021, a Server Method Invocation (SMI) cannot by default invoke a method mapped as a handler to a Serverless Event (either a Product / App Setup / Scheduled / External event ) in …
Hope this helps!
Stay Safe
1 Like
syedm
(Syed)
September 1, 2021, 2:25pm
#6
Hi @velmurugan ,
I am passing access token template in the headers only and
I have whitelisted the urls as well but I am getting the same issue.
Could you please check the code snipped and check if I have missed something?
Thanks,
Syed
Hi @syedm ,
Could you please share your manifest.json file here and the third party URL’s which u r using in your app. So I can verify things by your side.
Thanks,
Furqan
velmurugan
(Velmurugan Balasubramanian)
September 6, 2021, 5:40am
#8
hey @syedm ,
Sometimes Oauth apps might use a different redirect URL/domains to handle authentication services, could you please check in the networks tab if any other URL needs to be whitelisted?
also, if possible could you send the complete app for us to debug the issue? if you cannot share the app in the public, you can send it via the forum DM
Stay Safe
Raviraj
(Raviraj Subramanian)
November 26, 2021, 5:06pm
#9
@syedm Are you passing the isOAuth: true
option to the request options?
Please post here for the wider community if you have fixed the issue.