The client application is not known or is not authorized

  • 1
  • Question
  • Updated 1 year ago
  • Answered
Hi team,

I have successfully signed up to become a developer for the Reckon One API, but whenever I try and get my access code by sending the client ID and redirect URL, I get the message that "The client application is not known or is not authorized"

Do I need to do something else to make my application known before I am able to connect to it?
Photo of Lucas Williams

Lucas Williams

  • 280 Points 250 badge 2x thumb

Posted 1 year ago

  • 1
Photo of Ifti

Ifti, Product Manager

  • 6,236 Points 5k badge 2x thumb
Hi Lucas,

Thank you for your post.

Can you please ensure you're following the authorisation flow instructions as your account is set for Authorisation Flow type? Seems like you're trying to go through Implicit flow. Please correct me if I'm wrong.

Excerpt from our helpdocs link:

https://reckon.helpdocsonline.com/reckon-api-authorisation-services

Sample HTTPS Call (Authorization Code grant type)https://identity.reckon.com/connect/authorize?client_id=<<CLIENTID>>&response_type=c... URL>>&state=random_state&nonce=random_nonce
 
Note: If your application is a desktop application, you will need to build a web browser pop up window or something of that ilk to deal with this. You need to be able to present a website loaded from our server for the user to login with. If this is a major problem please contact reckonapi@reckon.com
 
This is the call that you will trigger when the user requests to connect to Reckon Accounts Hosted or Reckon One. You may have an administration page where people do this but you will need to trigger this process somehow to get an authorisation key returned.
 
HTTPS Call Components Explained
authorize?client_id=<<CLIENT ID>>
This is where you set your client ID. This client ID is provided to you by Reckon once you have provided a Callback URL. If you do not have this Client ID please email reckonapi@reckon.com
 
&response_type=code
This is where you set the response that you would like a code returned to you. This code is then used in a further call to obtain your access token and refresh token.
 
scope=read+write+offline_access
This is where you set the permissions that you wish to have with the service. When the user is authorising your application they will be informed of what permissions you are requesting. In the case of Reckon Accounts Hosted and Reckon One you should always be asking for read, write and offline access. Offline access allows you to use refresh tokens with the API.
 
redirect_uri=http://127.0.0.1/index.html
This is where the redirect URI (Callback URL) is set. This URL must match the URL you gave to Reckon as the callback URL otherwise the security systems will block the request.
 
Obtaining a access token and refresh token
Once you have received a code from the identity server, this code can be used to obtain a access token and refresh token. To do that requires a second call to the identity server via HTTPS
 
Typical token request call
The typical URL call is the following:
 
URL 
https://identity.reckon.com/connect/token<br>Type
POST
Body
grant_type=authorization_code&code=<<CODE>>&redirect_uri=<<REDIRECT URI>>
Headers
Content-Type = application/x-www-form-urlencoded
Authorization: Basic <<CLIENTID:CLIENTSECRET ENCODED IN BASE64>>
After this call is successfully sent, the response will include an access token and refresh token. Once you have obtained this you can use the refresh token to obtain new access tokens without the user having to input their credentials again.
 
For example if your client id is 1234 and your secret is 5678 the correct authorization header is Authorization: Basic <<1234:5678 ENCODED IN BASE64>>
 
Typical refresh token request call
To use the refresh token to obtain a new access token, you need to send another call to the service. The typical call is as follows:
 
URL
https://identity.reckon.com/connect/token<br>Type
POST
Body
grant_type=refresh_token&refresh_token=<<REFRESH TOKEN>>&redirect_uri=<<REDIRECT URI>>
After this call is successfully sent the response will again include a access token (which is used to access the API) and a refresh token which can be used in the future to obtain another access token. The refresh token should always be recorded to ensure that you can get a updated token without the users interaction.
 
Please let me know how you go.

Thanks

Ifti
Photo of Lucas Williams

Lucas Williams

  • 280 Points 250 badge 2x thumb
Hi Ifti,

Thanks for the quick reply. 

I am attempting to (at least as far as I can see) use the Authorisation flow, as I'm sending to the following link:  https://identity.reckon.com/connect/authorize?client_id=<CLIENTID>&res... I did notice that the main different in Authorisation v Implicit was the "response type", which I have set to "code" not "id_token".  My plan is to cache the refresh token so that there is not a manual login required every time that someone purchases something through the woocommerce store.

I do have dashes in my client ID, but when these are removed, I instead get a "There was an unexpected error"

I also noticed that the email I was sent confiming my account did not have a protocol associated with the redirect URLs, they were simply "localhost/roundtable/madameflavour/reckon", for example.  If I take http:// out of the redirect_uri, I instead get "The client application made an invalid request"

Any further assistance would be appreciated.

Cheers,
Lucas
(Edited)
Photo of Ifti

Ifti, Product Manager

  • 6,236 Points 5k badge 2x thumb
Hi Lucas,

I've updated all of your Call back URLs with http://

If any of them needs to be with https, please do let me know and I will update it accordingly.

I've tested with the below request URL and it works fine. I just had to remove the last slash from the redirect URI.

https://identity.reckon.com/connect/authorize?client_id=<CLIENTID>&res...

Please test it out and let me know the outcome.

Thanks

Ifti
(Edited)
Photo of Lucas Williams

Lucas Williams

  • 280 Points 250 badge 2x thumb
Hi Ifti,

Could we please make the Staging and Production URLs start with https:// instead of http:// please?

I have installed a certificate on staging, and would like to do the same in production.
Photo of Ifti

Ifti, Product Manager

  • 6,236 Points 5k badge 2x thumb
Hi Lucas,

I've updated your redirect URIs.

Please let me know if you need anything else.

Thanks

Ifti