Authorization Request #31

Open
alannaidon opened this issue Nov 1, 2024 · 1 comment

alannaidon commented Nov 1, 2024

Hello!
I'm not sure if this is the place to get this kind of help, but I don't know where else to ask.

I already registered my APP and got my Client ID and Client Secret.
I followed the guide and downloaded Postman collection & environments, but I can't manage to make the /authorize request.

I ended up with the following endpoint

https://sandbox.opengateway.telefonica.com/apigateway/authorize
?client_id={{application-client-id}}
&response_type=code
&purpose={{api-product-purpose}}
&redirect_uri={{application-backend-callback-url}}
&state={{enduser-identifier}}
&login_hint=tel:+5555999999999 // also tried as `phoneNumber:+5555999999999`

According to the Telefónica Sandbox page, login_hint is optional, but I'm getting an error saying it is missing even after adding it to the query params.

StatusCode: 400
{
  "message": "Missing login_hint"
}

Also tried to access the URL from my mobile phone connected to the carrier's network and to send it in the request body, but got the same error.
I need some help to understand what I am missing.

Is it ok to use NGROK as a callback URL for tests? When registering my App I checked the MOCK Mode option.

obs:
I tried to make the request from Sandbox page, but it gives a different error. It does not redirect to the Callback URL I wrote.

https://sandbox.opengateway.telefonica.com/apigateway/auth/callback?code=eyJrZX...bigToken...=

Thanks a lot!

Member

diegotid commented Nov 5, 2024

Hi Alan!

Thank you so much for your feedback. This is the right place indeed... or at least a good one. Sorry, it was me who wasn't watching.

The point is that, since our Sandbox is free and, more importantly, for non-commercial use, we need to somehow limit access to actual operators' customer data, and we do it by checking a mobile line whitelist, to which you should add your own lines if you want to access the production mode.

Even if you are using the mock mode, the /authorization endpoint needs the login_hint to be informed about the end-user identity and check the whitelist. This parameter is optional according to OIDC but that's the one we use for checking the whitelist.

Just put a value there if you are using the mock mode (Vivo will be onboarded to the Sandbox by the end of the year) and you are good to test ;)

We've just added this context to our API reference description and created a new guide explaining it:
https://developers.opengateway.telefonica.com/reference/authorize

So again, thank you for reporting as it helps us improve the content

Best
Diego
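
The /authorize request discussed in this thread, as an added example that is not part of the thread and not Telefónica's code: it refuses to build a request without login_hint, percent-encodes the `tel:+...` value, and checks `state` on the callback. The client ID, purpose, redirect URI and helper names are constructed placeholders, and the callback is assumed to return `state` as in the standard OAuth 2.0 authorization code flow.

```python
import re
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Endpoint taken from the issue; every other value used with it is a placeholder.
AUTHORIZE_URL = "https://sandbox.opengateway.telefonica.com/apigateway/authorize"
# Loose sanity check for "+<digits>" numbers (assumption, not the sandbox's rule).
PHONE = re.compile(r"^\+[1-9]\d{6,14}$")


def build_authorize_url(client_id, purpose, redirect_uri, phone_number):
    """Return (url, state). Fails early when login_hint cannot be set,
    because the sandbox answers 400 "Missing login_hint" without it."""
    if not phone_number or not PHONE.match(phone_number):
        raise ValueError("login_hint needs a phone number in +<digits> form")
    state = secrets.token_urlsafe(16)  # unguessable, checked again on callback
    params = {
        "client_id": client_id,
        "response_type": "code",
        "purpose": purpose,
        "redirect_uri": redirect_uri,
        "state": state,
        "login_hint": f"tel:{phone_number}",
    }
    # urlencode turns '+' into %2B and ':' into %3A. A raw '+' in a query
    # string is read back as a space by form-style decoders.
    return f"{AUTHORIZE_URL}?{urlencode(params)}", state


def decoded_login_hint(url):
    """What a form-style query decoder sees as login_hint in the given URL."""
    return parse_qs(urlsplit(url).query).get("login_hint", [None])[0]


def read_callback(callback_url, expected_state):
    """Return the authorization code; reject a callback whose state differs."""
    query = parse_qs(urlsplit(callback_url).query)
    state = query.get("state", [""])[0]
    if not secrets.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    code = query.get("code", [""])[0]
    if not code:
        raise ValueError("callback carries no code")
    return code
```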
