Hello,
I’m trying to get a refresh token using the Monzo API and Postman but when trying to authenticate I get the ‘Monzo Security’ window pop up, and then after clicking ‘continue to login’, entering my email address and completing the email step, I just get taken to a blank Postman callback page.
Has anyone encountered this before?
I’m guessing here but i’m not sure whether the OAuth2 functionality provided by Postman (not really used it before) expects for the auth url to perform the navigation within the same window (i.e. within the popup window it expects it to do the navigation to the callback url). Obviously with Monzo you’ll get an e-mail that has the url in instead which is outside the context of that popup window.
You can drag the URL from your web browser into the blank page and it’ll redirect (going from memory).
Jack, I could kiss you.
Thank you so much!
Argh! My woes continue.
I’m now getting a 400 bad request when trying to refresh the token. The following is the response, using httpie.
HTTP/1.1 400 Bad Request
CF-RAY: 4f6f72905df9ce23-LHR
Connection: keep-alive
Content-Type: application/json
Date: Mon, 15 Jul 2019 23:17:02 GMT
Expect-CT: max-age=604800, report-uri=“https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct”
Server: cloudflare
Set-Cookie: __cfduid=dbe9d471cafbc29a20151cba8260fb50b1563232622; expires=Tue, 14-Jul-20 23:17:02 GMT; path=/; domain=.monzo.com; HttpOnly
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Trace-Id: 93e63a61-5ca2-4af4-4f48-e63a78bef8fc
Transfer-Encoding: chunked
X-Content-Type-Options: nosniff
Normally if you get a 400 without any error in the response then it’s just a malformed request that is missing something. Normally people forgetting to set the correct grant_type or add the refresh_token key/value.
What does your request look like? It should be (using httpie):
http --form https://api.monzo.com/oauth2/token grant_type=refresh_token client_id=<client_id> client_secret=<client_secret> refresh_token=<refresh_token>
So using httpie I get…
{
“code” : “bad_request.could_not_authenticate”,
“error” : “invalid_request”,
“error_description” : “Could not authenticate with provided credentials”,
“message” : “Could not authenticate with provided credentials”
}
Not sure what I’m missing?
Either your client secret is invalid or you have a mismatch of credentials.
So firstly, check your client secret is valid.
Secondly, do you have multiple clients setup on the developer portal? If so, it may be that you’re using a valid client_id and client_secret however, they are not the same ones that were used from where the refresh_token was generated (when you exchanged your auth code for the access token).
Hi James,
I ended up creating a new OAuth client in the end, thanks for your help.
I can’t believe I’m posting here again, but the whole dragging the URL into Postman now does absolutely nothing!?!
I can’t get it to do anything, tried uninstalling, reinstalling, trying Postman Canary, still nothing. Aaaggghhh!
Does not work for me either. Ended up just copying the authorization code from the URL over into a variable…
Acquiring the access token is automatic afterwards. So should the refresh of the access token?
Tried on Windows and worked without issue.
Can you explain what you mean by ‘copying the authorization code from the URL over into a variable’ please?
I mainly use Insomnia at the moment, but I think Postman is similar.
It’s a two step process:
This step you seem to do already. Once you have the link in the email, copy out the value after “key=”. But without the optional “state=+”.
In Postman you can use Environments. Set one up for Monzo and add a variable (e.g. auth_code) and copy over the code from step 1.
Now you can reference this variable as {{auth_code}} and use in your POST request for the access_token.
If it helps, I have a Monzo Workspace set up in Insomnia. Could share, if you would like to see an example.
Thinking of this, it’s probably a little overkill with the environment variable. You could just copy the code into the value of the body key “code”. But guess I still have the hope, that I could find a way of automating this in Insomnia / Postman.
Not sure if I actually helped you with my answer?