OAuth and mobile app

Hi, I have some questions about OAuth for the Chat API.
I have a framework for OAuth: https://appauth.io/
I found this:

    {
      "issuer": "http://api.faceit.com/auth",
      "authorization_endpoint": "http://api.faceit.com/auth/v1/api/authorize",
      "token_endpoint": "http://api.faceit.com/auth/v1/oauth/token",
      "userinfo_endpoint": "http://api.faceit.com/auth/v1/resources/userinfo",
      "jwks_uri": "http://api.faceit.com/auth/v1/oauth/certs",
      "response_types_supported": ["code", "id_token", "token"],
      "id_token_signing_alg_values_supported": ["RS256"],
      "scopes_supported": ["email", "membership", "openid", "profile"],
      "token_endpoint_auth_methods_supported": ["client_secret_basic"],
      "claims_supported": ["aud", "email", "family_name", "given_name", "iss", "locale", "picture", "email_verified", "birthdate"]
    }

I know how OAuth works, but every time I get the error “access denied”.
In my mobile app I have a button; when I click it, I go to the browser with this URL:
https://api.faceit.com/auth/v1/api/authorize?redirect_uri=https%3A%2F%2Fapi.faceit.com%2Fauth%2Fv1%2Fresources%2Fuserinfo&client_id={my_client_id_here}&response_type=code&state=iObKi0PpAi5ydlTEzKiI9A&scope=email%20membership%20openid%20profile&code_challenge=5y8GvShBGkpfuhWBTsy1PJixQNBS1jeHbkH0jU0pNcw&code_challenge_method=S256

What is wrong? Thanks.

Hey mate… here are some possible reasons for this error.

  1. The app key you’re using in the OAuth flow doesn’t include the right scope for the Chat API
  2. Data and Chat API use different access tokens. For the Data API you need to use your app token, however for the Chat API you need to use the User token that you get from the OAuth flow… If you try to use the user token in the data api or the app token in the Chat API you’ll get this error.

Thanks for the reply,

  1. I checked this; I use all of the scopes that are enabled in the official docs: “email”, “membership”, “openid”, “profile”
  2. I know about the different tokens. But I can’t use the API for chat, because first of all I can’t get to the authorize page in the browser. I know that I’ll get a token after successful authorization, because I have already used OAuth for other apps. And now I really can’t understand why I get “access denied” for the auth page :confused:

I tried to do this with Postman, but I get the same error (

Hey mate… I’ve not used Postman with the FACEIT API, as the way they did it was quite confusing for me as well… but I will write down here the way I made it work in the app I’m developing.

First the user opens the app and is redirected to this URL:
https://cdn.faceit.com/widgets/sso/index.html?client_id=<your_app_client_id>&response_type=code&redirect_popup=true

At this URL, the user will authenticate himself and then FACEIT will redirect him to the Callback URL you set in your app settings.

So in this case, the user is being redirected to:
http://localhost:8080/callback?code=12345
Note that the “code” parameter is appended by FACEIT, so be prepared to receive this code as you’ll need it for the next step.

Then, from this code, my web application makes a POST HTTP request to
https://api.faceit.com/auth/v1/oauth/token
with the following body (I’m using application/x-www-form-urlencoded)
"grant_type" : "authorization_code"
"code" : "12345"
and the header is basic authentication,
where the username is your app key and the password is your app secret.

From this request, you should get a response (probably in JSON format, can’t remember now)
with the body being something like
{"access_token" : "q1w2e3r4t5y6"}

Done, you’ve got the user token. you can now perform requests to
https://api.faceit.com/auth/v1/resources/userinfo
or even
https://open.faceit.com/chat/v1/rooms/<any_room_id>

with your token in the Bearer authorization header
"Authorization" : "Bearer q1w2e3r4t5y6"

Hope all this makes sense and helps you, mate
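
Added example, not part of any post in this thread and not FACEIT's code: the authorization-code flow from the reply above, with the `state` and S256 `code_challenge` from the original question generated per login and checked on the callback before the code is exchanged. Assumptions: the client id and secret are placeholders, `redirect_uri` is the sample callback from the reply, and whether the token endpoint honours `code_verifier` is not confirmed anywhere in the thread.

```python
import base64, hashlib, hmac, secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Endpoints are the ones quoted in the thread; CALLBACK is the sample callback
# from the reply. Client id/secret values passed in are placeholders.
AUTHORIZE = "https://api.faceit.com/auth/v1/api/authorize"
TOKEN = "https://api.faceit.com/auth/v1/oauth/token"
CALLBACK = "http://localhost:8080/callback"

def _b64url(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def s256_challenge(verifier):
    """code_challenge = BASE64URL(SHA256(code_verifier)), RFC 7636 section 4.2."""
    return _b64url(hashlib.sha256(verifier.encode("ascii")).digest())

def new_login():
    """Fresh per-login secrets: CSRF state and PKCE verifier (both stay client-side)."""
    return {"state": _b64url(secrets.token_bytes(16)),
            "verifier": _b64url(secrets.token_bytes(32))}

def authorize_url(client_id, login, scopes):
    return AUTHORIZE + "?" + urlencode({
        "response_type": "code", "client_id": client_id,
        "redirect_uri": CALLBACK,  # assumption: equals the registered callback
        "scope": " ".join(scopes), "state": login["state"],
        "code_challenge": s256_challenge(login["verifier"]),
        "code_challenge_method": "S256"})

def code_from_callback(url, login):
    """Return the authorization code only if the callback belongs to this login."""
    parts = urlsplit(url)
    if f"{parts.scheme}://{parts.netloc}{parts.path}" != CALLBACK:
        raise ValueError("unexpected callback location")
    params = parse_qs(parts.query)
    if "error" in params:
        raise ValueError("authorization failed: " + params["error"][0])
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), login["state"].encode()):
        raise ValueError("state mismatch, dropping callback")
    if len(params.get("code", [])) != 1:
        raise ValueError("expected exactly one code parameter")
    return params["code"][0]

def token_request(client_id, client_secret, code, login):
    """Build (url, headers, body) for the code exchange described in the reply."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    body = urlencode({"grant_type": "authorization_code", "code": code,
                      "code_verifier": login["verifier"]})  # assumption: server checks PKCE
    headers = {"Authorization": "Basic " + basic,
               "Content-Type": "application/x-www-form-urlencoded"}
    return TOKEN, headers, body
```

Nothing here touches the network; the tuple from `token_request` is what an HTTP client would send. On a mobile client the app secret can be extracted from the package, which is why the per-login verifier matters there.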

Hey @SWRHARD. Did it work for you?