What does "bad authorization header" mean when calling RevokeAccessToken?

RussPete · May 6, 2020, 5:13pm

I’m getting an “bad authorization header” exception when trying to call the .Net RevokeAccessToken() function. I’m wondering if you can look in the sandbox logs to see what is not done correctly. The sandbox application ID is sandbox-sq0idb-5tdxJb07W00p1bceSNSPeA

Here is my code:

string AppAccessToken = ApplicationAccessToken();
string AppId = ApplicationId();
string AppSecret = ApplicationSecret();

string AccessToken = null;
dynamic SquareData = JObject.Parse(g.Company.CCProcessorData);
if (SquareData != null && SquareData.AccessToken != null)
{
AccessToken = Convert.ToString(SquareData.AccessToken);
}

if (AppAccessToken != null && AppId != null && AppSecret != null && AccessToken != null)
{
SquareClient SquareApi = new SquareClient.Builder()
.Environment(g.TestMode ? Square.Environment.Sandbox : Square.Environment.Production)
.AccessToken(AppAccessToken)
.Build();

RevokeTokenRequest RevokeTokenReq = new RevokeTokenRequest.Builder()
.ClientId(AppId)
.AccessToken(AccessToken)
.Build();

try
{
RevokeTokenResponse RevokeTokenResp = SquareApi.OAuthApi.RevokeToken(RevokeTokenReq, AppSecret);
}
catch (ApiException Ex)
{}
}

Thanks

sjosey · May 6, 2020, 5:25pm

I believe the AppSecret needs to be in the format of literally Client APP_SECRET, so be sure to add Client to this string, if you didn’t already. The bad authorization header means the authorization header is in an incorrect format, so I’m either the app secret is incorrect, or it’s missing the word Client.

RussPete · May 6, 2020, 7:05pm

Thanks @sjosey, Its now working. I’m really surprised that wasn’t included in the SDK code. But I’m glad it is working.

RevokeTokenResponse RevokeTokenResp = SquareApi.OAuthApi.RevokeToken(RevokeTokenReq, "Client " + AppSecret);