Oauth2 replies 400 with no useful error message

[juliofarah]

Hi! I've been working on an integration with Asana and realized that there is no internal helper function for Oauth2-based authentication like there was on the first major version of the node client.

When I try to use the Oauth2 endpoints documented here https://developers.asana.com/docs/oauth#pkce-oauth-extension I always get a 400 with no useful error message.

Here's my auth code:

    const redirectUri = `${process.env.NEXT_PUBLIC_OAUTH_REDIRECT_URI}/asana`;

    const body = {
      grant_type: 'authorization_code',
      client_id: process.env.ASANA_CLIENT_ID,
      client_secret: process.env.ASANA_CLIENT_SECRET,
      redirect_uri: redirectUri,
      code: req.query.code,
    };

    const config = {
      headers: {
        'Content-Type': 'application/x-www-form-urlencoded',
      },
    };

    const tokenResponse = await axios.post(`https://app.asana.com/-/oauth_token`, body, config);

This is what the response looks like:

{
   "message":"Request failed with status code 400",
   "name":"AxiosError",
   "config":{
      "transitional":{
         "silentJSONParsing":true,
         "forcedJSONParsing":true,
         "clarifyTimeoutError":false
      },
      "transformRequest":[
         null
      ],
      "transformResponse":[
         null
      ],
      "timeout":0,
      "xsrfCookieName":"XSRF-TOKEN",
      "xsrfHeaderName":"X-XSRF-TOKEN",
      "maxContentLength":-1,
      "maxBodyLength":-1,
      "env":{
         
      },
      "headers":{
         "Accept":"application/json, text/plain, */*",
         "Content-Type":"application/x-www-form-urlencoded",
         "User-Agent":"axios/0.27.2",
         "Content-Length":244
      },
      "method":"post",
      "url":"https://app.asana.com/-/oauth_token",
      "data":"{\"grant_type\":\"authorization_code\",\"client_id\":\"<REDACTED>\",\"client_secret\":\"<REDACTED>\",\"redirect_uri\":\"<REDCATED>/oauth/asana\",\"code\":\"<REDACTED>\"}"
   },
   "code":"ERR_BAD_REQUEST",
   "status":400
}

Am I missing something obvious here?

[jv-asana]

Hi @juliofarah,

That's correct. The new version of our node library does not have an internal helper function for OAuth-2 based authentication. We have had some issues with this internal helper function in the past with some of our other libraries so we didn't implement it for the new client library versions. Developers can use an external OAuth 2.0 library like passport-oauth2
to help them implement OAuth 2.0 for their app server. Or they could use a request library like axios and implement OAuth through there like you are. That being said, I'll take a note of this and bring this up with our team to see if we can add this feature back into a future update of our node library.

As for your issue with OAuth. I think you might want to catch the error from axios to access the error Asana is throwing back in the response. For example instead of:

    const tokenResponse = await axios.post(`https://app.asana.com/-/oauth_token`, body, config);

You might want to try:

  let tokenResponse = null;
  try {
      tokenResponse = await axios
      .post("https://app.asana.com/-/oauth_token", body, config);
  } catch (err) {
      // Print Asana error
      console.log(err.response.data.error_description)
  }

Here are some of my guesses to what your error might be:

1. The redirect URL you provided in your code does not match the Redirect URLs you specified in the developer console (https://app.asana.com/0/my-apps/<YOUR_APP_ID>/oauth) (See Adding travis support #2: https://developers.asana.com/docs/oauth#register-an-application)
2. Edit your manage distribution settings to allow access to your target workspace or any workspace (See How to share your app)

Let me know if you are able to see the error message from Asana

[erulabs]

Lack of oauth2 support makes it pretty tricky to build an Asana "app". I assume people are just using personal access tokens instead. +1 for re-adding Oauth support to this library!