soundcloud /oauth2/token returning nothing but a 401 response

Question

I noticed that some code I wrote using SoundcloudPHP stopped authenticating today, though it was working fine last time I used it a few days ago. To root out the problem, I've been trying to authenticate using the /oauth2/token endpoint but the response has been a 401 and empty body. I've been using the curl from the page at https://developers.soundcloud.com/docs/api/reference#token

From the command line:

curl -v -X POST "https://api.soundcloud.com/oauth2/token" -F 'client_id=MY_ID' -F 'client_secret=MY_SECRET' -F 'grant_type=authorization_code' -F 'redirect_uri=MY_REDIRECT' -F 'code=0000000EYAA1CRGodSoKJ9WsdhqVQr3g'

The response:

* About to connect() to api.soundcloud.com port 443 (#0)
*   Trying 72.21.91.127... connected
* Connected to api.soundcloud.com (72.21.91.127) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using AES256-SHA
* Server certificate:
*    subject: OU=Domain Control Validated; CN=*.soundcloud.com
*    start date: 2014-04-22 16:52:12 GMT
*    expire date: 2016-04-08 10:08:48 GMT
*    subjectAltName: api.soundcloud.com matched
*    issuer: C=BE; O=GlobalSign nv-sa; CN=GlobalSign Domain Validation CA - SHA256 - G2
*    SSL certificate verify ok.
> POST /oauth2/token HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-pc-linux-gnu) libcurl/7.19.7 OpenSSL/0.9.8k zlib/1.2.3.3 libidn/1.15
> Host: api.soundcloud.com
> Accept: */*
> Content-Length: 658
> Expect: 100-continue
> Content-Type: multipart/form-data; boundary=----------------------------e695cc6c8133
> 
< HTTP/1.1 100 Continue
< HTTP/1.1 401 Unauthorized
< Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Origin
< Access-Control-Allow-Methods: GET, PUT, POST, DELETE
< Access-Control-Allow-Origin: *
< Access-Control-Expose-Headers: Date
< Cache-Control: private, max-age=0, must-revalidate
< Date: Thu, 01 Oct 2015 23:25:25 GMT
< Server: am/2
< Content-Length: 0
< 
* Connection #0 to host api.soundcloud.com left intact
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):

I've created new client tags to see if they'd work and I get the same thing. Since I'm using the curl provided in the docs I'd expect it to work. Any ideas?

Answer 1

I managed to resolve this issue for the Soundcloud API for Cocoa using the solution from @njsam

on SCSoundCloud.m, add these lines :

NSDictionary *customHeaderFields = [NSDictionary dictionaryWithObject:@"application/x-www-form-urlencoded" forKey:@"Content-Type"];
[config setObject:customHeaderFields forKey:kNXOAuth2AccountStoreConfigurationCustomHeaderFields];

your method should be like this:

+ (void)setClientID:(NSString *)aClientID
         secret:(NSString *)aSecret
    redirectURL:(NSURL *)aRedirectURL;
{
    NSMutableDictionary *config = [NSMutableDictionary dictionary];

    [config setObject:aClientID forKey:kNXOAuth2AccountStoreConfigurationClientID];
    [config setObject:aSecret forKey:kNXOAuth2AccountStoreConfigurationSecret];
    [config setObject:aRedirectURL forKey:kNXOAuth2AccountStoreConfigurationRedirectURL];

    [config setObject:[NSURL URLWithString:kSCSoundCloudAuthURL] forKey:kNXOAuth2AccountStoreConfigurationAuthorizeURL];
    [config setObject:[NSURL URLWithString:kSCSoundCloudAccessTokenURL] forKey:kNXOAuth2AccountStoreConfigurationTokenURL];
    [config setObject:[NSURL URLWithString:kSCSoundCloudAPIURL] forKey:kSCConfigurationAPIURL];
     NSDictionary *customHeaderFields = [NSDictionary dictionaryWithObject:@"application/x-www-form-urlencoded" forKey:@"Content-Type"];
    [config setObject:customHeaderFields forKey:kNXOAuth2AccountStoreConfigurationCustomHeaderFields];

    [[NXOAuth2AccountStore sharedStore] setConfiguration:config forAccountType:kSCAccountType];
}

Besides, we needed to update the OAuth2Client Library here to have support for kNXOAuth2AccountStoreConfigurationCustomHeaderFields

Hope this can help some people for IOS

Answer 2

I'm the creator of the php https://github.com/njasm/soundcloud library.

And the users of it reported the same problem, in fact what you say is also true that now, the curl examples on soundcloud don't work anymore (for some weird reason). Investigating the issue to fix the library I've found what seems to be a content-type issue.

It seems that the content-type you need to use when requesting/refresh a token MUST always be application/x-form-urlencoded, and before we (the library) was working fine by communicating with a content-type of application/json.

If you are a user of my library, you should update to the latest master. If you can help testing the fix, please report back to the issue page https://github.com/njasm/soundcloud/issues/25

Update: It's confirmed the content type MUST be application/x-form-urlencoded

I'm conducting some test to confirm that this is in fact the case. If so, I'll tag the commit to a stable release.

Good luck, and hope this helps!