Problem when logging in from the APP

[otrebmuh]

After succesfully building the App, we are trying to login to the BeaconControl server but we are having problems with it. This is the error trace:

Error Domain=com.up-next.BCLBeaconCtrl Code=-10 "<NSHTTPURLResponse: 0x7f891282e040> { URL: http://10.0.1.37/s2s_api/v1/oauth/token } { status code: 401, headers {
    "Cache-Control" = "no-store";
    Connection = "Keep-Alive";
    "Content-Length" = 213;
    "Content-Type" = "application/json; charset=utf-8";
    Date = "Wed, 22 Jun 2016 22:09:14 GMT";
    Pragma = "no-cache";
    Server = "WEBrick/1.3.1 (Ruby/2.2.4/2015-12-16)";
    "Www-Authenticate" = "Bearer realm=\"Doorkeeper\", error=\"invalid_grant\", error_description=\"The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.\"";
    "X-Content-Type-Options" = nosniff;
    "X-Frame-Options" = SAMEORIGIN;
    "X-Request-Id" = "ccf9b94a-0eaa-4a07-ad27-c72c130f0cf0";
    "X-Runtime" = "0.543507";
    "X-Xss-Protection" = "1; mode=block";
} }" UserInfo={NSLocalizedDescription=<NSHTTPURLResponse: 0x7f891282e040> { URL: http://10.0.1.37/s2s_api/v1/oauth/token } { status code: 401, headers {
    "Cache-Control" = "no-store";
    Connection = "Keep-Alive";
    "Content-Length" = 213;
    "Content-Type" = "application/json; charset=utf-8";
    Date = "Wed, 22 Jun 2016 22:09:14 GMT";
    Pragma = "no-cache";
    Server = "WEBrick/1.3.1 (Ruby/2.2.4/2015-12-16)";
    "Www-Authenticate" = "Bearer realm=\"Doorkeeper\", error=\"invalid_grant\", error_description=\"The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.\"";
    "X-Content-Type-Options" = nosniff;
    "X-Frame-Options" = SAMEORIGIN;
    "X-Request-Id" = "ccf9b94a-0eaa-4a07-ad27-c72c130f0cf0";
    "X-Runtime" = "0.543507";
    "X-Xss-Protection" = "1; mode=block";
} }, BCLResponseDictionaryKey=<CFBasicHash 0x7f89107ee7a0 [0x1016ada40]>{type = immutable dict, count = 2,
entries =>
    0 : error = <CFString 0x7f891073ac80 [0x1016ada40]>{contents = "invalid_grant"}
    1 : <CFString 0x7f89107ee8e0 [0x1016ada40]>{contents = "error_description"} = <CFString 0x7f89107f18e0 [0x1016ada40]>{contents = "The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client."}
}
}

We are sure the client ID, secret and login / password are correct. Does anybody have an idea o what may be going wrong?

Note: This is with the master branch.

Thank you.

Humberto

[jkurdel]

Hi @otrebmuh,

Are you 100% sure client ID, secret, login, password are correct? Did you try to obtain token without using SDK e.g. using CURL?

Could you try execute following command to be sure that there is problem with SDK authentication code?
curl -iX POST 'SERVER_HOST/s2s_api/v1/oauth/token' -H "Content-Type: application/json; Accept: applicatoin/json" -d '{"client_id":"S2S_API_KEY","client_secret":"S2S_API_SECRET","grant_type":"password","email":"USER_EMAIL","password":"USER_PASSWORD"}'

Best
Jan

[otrebmuh]

Hello @jkurdel

Thank you for your response. Using the command that you provided and the client_id and client_secret associated obtained from the BeaconControl application I get the following response:

HTTP/1.1 401 Unauthorized 
Date: Sun, 26 Jun 2016 01:26:41 GMT
Server: WEBrick/1.3.1 (Ruby/2.2.2/2015-04-13)
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Cache-Control: no-store
Pragma: no-cache
Content-Type: application/json; charset=utf-8
WWW-Authenticate: Bearer realm="Doorkeeper", error="invalid_grant", error_description="The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client."
X-Request-Id: cc450e83-b5b9-47b3-a8d2-c90c7cd990cf
X-Runtime: 0.013160
Content-Length: 213

{"error":"invalid_grant","error_description":"The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client."}

We have, however, solved the problem by analyzing the code and database from BeaconControl. In the oauth_applications database table we noticed an entry with the name "Beacon OS" (which is not associated to a particular application). By using that client_id and secret we were able to login successully. We used that client_id and secret in lines 79 and 97 of BeaconCtrlManager.m.

Our problem now is how to connect the IOS app with a particular App in the BeaconControl backend. Where do we put the Client_id and secret provided by the backend app?

Thank you and best regards,

Humberto

[jkurdel]

Sorry for the delay.

BeaconControl has 2 APIs available:
API - https://beaconcontrol.io/dev/backend/api_docs_v1/index.html
S2S API - https://beaconcontrol.io/dev/backend/s2s_api_docs_v1/index.html
client Id and secret visible in the BeaconControl Admin are tokens to API. S2S API is available for custom deployments so you can get this token only from the database.

SampleApp is connected to all test applications available in the BeaconControl Admin (see finishSetupForAdminUserWithEmail method

BeaconControl_iOS_sample_app/BCLRemoteApp/BeaconCtrlManager/BeaconCtrlManager.m

Line 527 in c822936

- (void)finishSetupForAdminUserWithEmail:(NSString *)email password:(NSString *)password completion:(void (^)(BOOL, NSError *))completion

). This is done this way to allow to login to each account in the BeaconControl Admin. If you want SampleApp to be connected to particular app then you have to change finishSetupForAdminUserWithEmail method and call setupBeaconCtrlWithClientId with your client id and secret.

I hope this will help you.

Best,
Jan

[hongchienchi]

I have the same issue. I have even tested this on PostMan: https://admin.beaconctrl.com/s2s_api/v1/oauth/token with credential from my
admin.beaconcontrol.io account
The Authorization was set to OAuth 2.0

The response:
{
"error": "invalid_grant",
"error_description": "The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client."
}

While in code, the request failed before finishSetupForAdminUserWithEmail
Also tested with curl command provided earlier, that failed as well.

Any suggestions? Thanks.

CC

[jkurdel]

Hi @hongchienchi

Please read my previous comment:

S2S API is available for custom deployments so you can get this token only from the database.

If you want to use SampleApp you have to deploy your own backend and get correct S2S API credentials from the database.

Best,
Jan

[mona-ragab]

I had the same issue. And I will clearify here for anybody searching in the future.

After deploying your own backend. And run bin/setup file. Two client ids and secrets values puts.

One for api, and the other for s2s_api

Admin credentials: email: admin@example.com, password: test123
API App credentials:
UID:    SOME_UID_HERE
Secret: SOME_SECRET!
S2S API App credentials:
UID:    DIFFERENT_UID_HERE
Secret: ANOTHER_SECRET_TOO!

The correct credentials is that under S2S API App credentials: part.

In fact this is not clear in documentation. Please, consider to add it someway.

[tymiles003]

Team,
Does it matter which operating system the server run on? I have ran the curl command on my mac and below is the results: but I can't connect with the sample app via the either api. My host server is ubuntu 14.04 running the BeaconControl

HTTP/1.1 200 OK
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Cache-Control: no-store
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Etag: W/"b2f66309b583d5ecd3c66dff832ee7f9"
X-Request-Id: 29ba92ac-d92d-46a2-9809-3cd478ff56b7
X-Runtime: 0.144924
Server: WEBrick/1.3.1 (Ruby/2.2.4/2015-12-16)
Date: Fri, 28 Oct 2016 19:51:54 GMT
Content-Length: 248

[carsor007]

I'm having the same issue. I'm unable to login. I have used the s2s UID and secret from the database. I have analyzed the packets and the authentication is successful. After login, s2s_api/v1/applications is called and this returns no content. How do I associate the s2s uid and secret from the database with an app on the admin panel.

2017-01-03 20:36:50 GET https://mydoamin/s2s_api/v1/applications
                        ← 304 Not Modified [no content] 164ms
                    Request                                         Response                                        Detail
Content-Length:          0                                                                                                                  
Connection:              keep-alive                                                                                                         
X-Frame-Options:         SAMEORIGIN                                                                                                         
X-Xss-Protection:        1; mode=block                                                                                                      
X-Content-Type-Options:  nosniff                                                                                                            
Etag:                    W/"e9041fb24f5aa7bddbd908df08392766"                                                                               
Cache-Control:           max-age=0, private, must-revalidate                                                                                
X-Request-Id:            ff2f82e4-4231-47ca-b0b4-da8cde058852                                                                               
X-Runtime:               0.020498       
Server:                  WEBrick/1.3.1 (Ruby/2.2.4/2015-12-16)                                                                              
Date:                    Wed, 04 Jan 2017 04:36:50 GMT                                                                                      
Via:                     1.1 vegur                                                                                                          
No content                                                                                                                            [m:Auto]

                                                                                                    

[jkurdel]

Hi @carsor007

Response looks good, please check 304 status code specification: https://tools.ietf.org/html/rfc7232#section-4.1).

Please paste response for not cached resource.

Best,
Jan

[otrebmuh]

Hello,

I also had a lot of confusion with the two REST APIs initially, so I will try to clarify this a bit more now that I understand things better.

API V1

The API V1 (https://beaconcontrol.io/dev/backend/api_docs_v1/index.html) is usually the only thing you need to develop a mobile application that connects to the BeaconControl backend and publishes events to it. To do so, you need to create an application in the BeaconControl panel and then obtain the Client ID and Client Secret (from the Applications > TestApp menu). Once you have these values you can authenticate as follows:

curl -iX POST 'your.backend.url/api/v1/oauth/token' -H "Content-Type: application/json; Accept: application/json" -d '{"client_id":"app_client_id","client_secret":"app_client_secret","grant_type":"password","user_id":"Humberto","os":"ios","environment":"production"}'

Please note that the user_id can be anything, it does not have to be a user that can access the BeaconControl panel.

Once you have that token, you can send events to the backend, for example:

curl -iX POST 'your.backend.url/api/v1/events' -H "Content-Type: application/json; Accept: application/json" -d '{"access_token":"_token_previously_received_","events":[{"event_type":"enter","proximity_id":"2BBFB165-C9FF-4E8E-980F-ECC38248BDD3+1+2","action_id":1}]}'

Note: you can also send the access_token in the headers

S2S API V1

This API can be used to perform operations that are similar to the ones that you perform through the BeaconControl panel web page (https://beaconcontrol.io/dev/backend/s2s_api_docs_v1/index.html). As with the previous API, you need to authenticate. However, authentication requires a client_id and a client_secret that are not associated to a particular app. You can find them in the oauth_applications table in the database, it is the first entry with the name "BeaconOS". These values are also given to you when you run the bin/setup and configure the application for the first time.

Authentication is performed as follows:

curl -iXPOST 'http://your.backend.url/s2s_api/v1/oauth/token' -H "Content-Type: application/json; Accept: application/json" -d '{"client_id":"cliend_id_from_db","client_secret":"client_secret_from_db","grant_type":"password","email":"admin@example.com","password":"test123"}'

Please note that here you must use the email and password from a valid account in the BeaconControl panel. As in the previous case, this will give you a token that allows you to invoke the REST API methods.

I hope this clarifies things a little bit.

Best regards,

Humberto

[danielsotopino]

Thanks @otrebmuh !!