Reputation: 13
I'm using Node.js with Express on the Battle.net API to generate an OAuth token. https://develop.battle.net/documentation/guides/using-oauth
Generating the token itself works, as it returns me the token. But when I use the code to make a request to their API, for example:
I get a 401 Unauthorized Error Response, debug log:
{ url:
'https://eu.api.blizzard.com/wow/guild/Malfurion/The%20new%20Dimension?fields=members&locale=de_DE&access_token=HEREISMYTOKEN',
status: 401,
statusText: 'Unauthorized',
headers: Headers { [Symbol(map)]: [Object] } }
I'm trying to fetch the members of a guild via fetch().
I already tried:
Creating a new Application (with new Client Secret and ID)
setting every possible callback url in the battle.net settings:
https://localhost/ http://localhost/ https://localhost:443/ http://localhost:443/ https://localhost/auth/bnet/callback http://localhost/auth/bnet/callback https://localhost:443/auth/bnet/callback http://localhost:443/auth/bnet/callback
creating a token manually by "trying out the api" (https://develop.battle.net/documentation/api-reference/world-of-warcraft-community-api), where you put in your Client ID and Secret and then get a temporary Token. THAT ONE works, also in my application.
You can compare the responses of those two URLs (just use your browser):
First (Generated in my application): https://eu.api.blizzard.com/wow/guild/Blackmoore/The%20new%20Dimension?fields=members&locale=de_DE&access_token=EU7XD8E4K9IAJKBGJSP3MDBLAVCIU2BYXS
Second (Generated trying out the API on battle.net website where you fill out clientid and secret to test out the api): https://eu.api.blizzard.com/wow/guild/Blackmoore/The%20new%20Dimension?fields=members&locale=de_DE&access_token=US23su4g0hAeS5w3EUCkKA9MJPgJ8k8bzV
CODE
server.js, simple express app
    var BNET_ID = "MYID";
    var BNET_SECRET = "MYSECRET";
    ...
    // Use the BnetStrategy within Passport.
    passport.use(
      new BnetStrategy(
        {
          clientID: BNET_ID,
          clientSecret: BNET_SECRET,
          scope: "wow.profile sc2.profile",
          callbackURL: "https://localhost/",
          region: "eu"
        },
        function(accessToken, refreshToken, profile, done) {
          process.nextTick(function () {
            return done(null, profile);
          });
        }
      )
    );
    // bnet auth routes
    app.get('/auth/bnet', passport.authenticate('bnet'));
    app.get('/auth/bnet/callback',
      passport.authenticate('bnet', { failureRedirect: '/' }),
      function(req, res){
        res.redirect('/');
      });
controller.js
...
const res = await fetch(`https://eu.api.blizzard.com/wow/guild/${servers[iterator]}/The new Dimension?fields=members&locale=de_DE&access_token=${thetoken}`).then((res) => {
  res.json();
  // for debugging, shows 401 Error
  console.log(res);
});
...
I actually expect a response such as this, because it works using a temporary Token:
status: 200 OK
body: {
"lastModified": 1546676373000,
"name": "The new Dimension",
"realm": "Blackmoore",
"battlegroup": "Glutsturm / Emberstorm",
"level": 25,
"side": 0,
"achievementPoints": 1005,
"members":
(......)
}
Very, very hacky but I managed to resolve the issue by hacking the oauth callback middleware like this: set my used API token to the req.user.token.
    app.get('/auth/bnet/callback',
      passport.authenticate('bnet', { failureRedirect: '/?error' }),
      function(req, res) {
        req.session.bnettoken = req.user.token;
        res.redirect('/');
      }
    );
I suspect that "code" or "token" is also used in my SessionStorage (express-session) to store the current session in my database. So I just hack the user.token out of the request and use that. Phew.. Hours of work.
Upvotes: 0
Views: 2367
Reputation: 890
From the documentation I can see that you need to pass the token in the Authorization header with the value: Bearer HEREISMYTOKEN.
More info on Authorization Header and Headers here:
Example on how to use it can be found in this SO answer
Upvotes: 0
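The header form described in the answer above, as an added example (not code from the question, the answer, or the Battle.net documentation). It keeps the token out of the URL, so a debug log like the one in the question no longer records it. The function names are hypothetical; the host, path and query parameters are taken from the question, and a global `fetch` (Node 18+) is assumed.

```javascript
// Added example; buildGuildRequest, redactUrl and fetchGuildMembers are hypothetical names.
const API_HOST = "https://eu.api.blizzard.com"; // host taken from the question

// Build the request with the token in the Authorization header, not the query string.
function buildGuildRequest(realm, guild, token) {
  // encodeURIComponent handles the spaces in names such as "The new Dimension".
  const path = `/wow/guild/${encodeURIComponent(realm)}/${encodeURIComponent(guild)}`;
  const url = new URL(path, API_HOST);
  url.searchParams.set("fields", "members");
  url.searchParams.set("locale", "de_DE");
  return {
    url: url.toString(),
    options: { headers: { Authorization: `Bearer ${token}` } },
  };
}

// Mask an access_token query parameter before a URL is written to a log.
function redactUrl(rawUrl) {
  const url = new URL(rawUrl);
  if (url.searchParams.has("access_token")) {
    url.searchParams.set("access_token", "REDACTED");
  }
  return url.toString();
}

// fetchImpl is injectable so the function can be exercised offline with a stub.
async function fetchGuildMembers(realm, guild, token, fetchImpl = fetch) {
  const { url, options } = buildGuildRequest(realm, guild, token);
  const res = await fetchImpl(url, options);
  if (!res.ok) {
    // The URL carries no credential in this form, so it is safe to include.
    throw new Error(`Guild request failed: ${res.status} ${res.statusText} for ${url}`);
  }
  return res.json();
}
```

`redactUrl` is for URLs that already carry `access_token`, such as the ones in the question, before they reach a log or a bug report.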