The issue occurs on the custom iparams page of one of our marketplace apps, which uses platform’s OAuth feature.
For some reason we can reproduce this issue on some Freshdesk accounts (new marketplace), while everything is fine on other ones (old and new marketplaces).
Steps to reproduce:
- Click the “Buy app” button
- Pop-up window appears, log into the account and give required permissions
- Right after the pop-up window disappears and the access token is supposed to be collected by the app, the app gets initialized and tries to make requests using that collected access token. However, these requests fail for some reason and the error is " Error while substituting the templates " (code 400).
This happens in Chrome Stable 90.0.4430.212 (64-bit), in both regular and incognito modes.
I’ve tried to clean the cache/forget the website as suggested in a similar thread, but it didn’t help and the issue is still present.
I am using the very same 3rd party account during all installation attempts.
I am aware of the recent security updates.
The latest update states the following:
Your apps can continue referring to secure installation parameters as part of the “headers” property and the request URL
However, the collected OAuth access token is used in the request URL. We can’t use any other tool (e.g.
fetch) for sending these requests, because we are limited by the platform OAuth feature in terms of obtaining the collected access token (we can use this template only -
<%= access_token %>).
Also, the app contains only 1 single secure iparam - Freshdesk API key, which is only used in headers.
Could you please help us with this?