0 Replies Latest reply on Mar 22, 2016 2:00 PM by kevin_gu

    OAuth authorization code grant always shows "permission request" page


      Hi Dev from Jive:


      I am currently implement an Jive oauth client using Authorization code grant type. but I found that every time at the authorization code grant request step, https://spark-otpp.jiveon.com/oauth2/authorize?client_id=XXXXXXXXXXXXXXXXXXXXXXX.i&response_type=code&scope=read%20write 


      it prompt login page first and then always shows a "permission request" as below:




      It does the same thing at your dev sandbox as well you can reproduce as long as you are using authorization code grant type.


      after that using the authorization code in access token grant request  https://spark-otpp.jiveon.com/oauth2/token  step is working correctly and I am able to use the access token to make rest call to your api.


      the only problem is the above permission request page is showed every time which brings a very weird user experience to my customers and I don't think that's a proper way. also since in the message "you can revoke access at any time in the future via the external services perference tab under Persional settings" i think Jive developers didn't mean to develop in this way and possibly it's a bug.


      in addition if you try to implement an oauth client for Facebook using authorization code grant type (which is the only grant type they support) you will see they do have a similar "permission request" page:



      facebook authorization code step.PNG


      but the difference is it will only show once for the same facebook account. which is what other oauth implementation acting like.


      I had a discussion with couple of your supports already in this thread how to skip the jive rest api's "permissions request" page?  I didn't get what i want from there, hopefully I can get a different answer here.


      Derek Hunter