node.jsupwork-api

Upwork api redirects to the 'Unauthorized' page after my second attempt to get verifier

I have a problem getting verifier for API customer_key and customer secret.

  1. I'm using code from Authorize and get verifier section from Upwork API Reference:
var UpworkApi = require('upwork-api')
  , rl = require('readline');

var config = {
  'consumerKey' : 'my_consumer_key',
  'consumerSecret' : 'my_secret_key'
};

var api = new UpworkApi(config);
var callbackUrl = 'http://my-callback.com';

api.getAuthorizationUrl(callbackUrl, function(error, url, requestToken, requestTokenSecret) {
  if (error) throw new Error('can not get authorization url, error: ' + error);

  // Authorize application
  var i = rl.createInterface(process.stdin, process.stdout);
  i.question('Please, visit an url ' + url + ' and enter a verifier: ', function(verifier) {
    i.close();
    process.stdin.destroy();
  });
});

  1. I'm filling correct consumerKey, consumerSecret and callbackUrl

  2. I'm running the app and it seems to work fine. I'm getting the following message in my terminal: Please, visit an URL https://www.upwork.com/services/api/auth?oauth_callback= http://my-callback.com&oauth_token=999888777 (I'm changing callback and OAuth token in URL in this example to not expose our tokens and data)

  3. I'm opening the URL and authorize the application on the upwork website. Upwork redirects me to the 404 page after authorization, which is weird, but a verification number that I'm looking for is in the URL, so I'm able to copy it: https://i.sstatic.net/3o91l.png

So, the whole flow seems to work almost fine (except the redirect to the 404 page on step 4)

The problem occurs when I'm trying to get thru this flow again, say, I didn't save the verifier from the first time.

And when I'm doing it again, upwork redirects me to the Unauthorized page, which looks like this: https://i.sstatic.net/jMlSj.png

Can anyone clarify whether I'm doing something wrong?

Solution

  • First, please, check what type of project is specified in the settings of your key - you might want to have Web project. Secondly, I'd verify the used callback URL.

    Finally, (if you use OAuth1 flow) a verifier has limited life, about 10 minutes. Also, it can't be reused.

    If that doesn't help, please, contact Support Team and provide all the details, including the URL which produces 404.