guizox
August 15, 2017, 2:10pm
#1
Hi.
My code is :https://mlintercambios.erpnext.com/api/resource/Vendedores?fields= [“vendedor_nome”, “vendedor_email”]’,
When I try to do this I receive a 403 error and the message is : you’ve no authorization to access this page.
I don’t know whether possibly this may help - all I know is that is revant_one is knowledgable here!
This is my URL "https://eshop.erpnext.com/api/method/frappe.integration_broker.oauth2.authorize?client_id=444cf344fd&scope=all openid&response_type=code&redirect_uri=http://nccnetherlands.com/n/view_pages.php/", but this URL does not take take me to login page. Why?
Somebody can check this URL, if it is correct? Because it is not working.
guizox
August 16, 2017, 10:30pm
#3
hi @clarkej https://mlintercambios.erpnext.com/api/method/frappe.integrations.oauth2.get_token
Do you know what should I do?@ManasSolanki could you help me with this, please?
guizox
August 16, 2017, 10:31pm
#4
Reading this : redirect_uri = client_id =
Where can I get all this information?
The first attempt you made was post request, without having any cookie/auth header. You’ve to be signed in with the user to access resource.
Instead of using javascript to make request from client side, it is recommended to make request from server side (php/python/rails/java/etc). It will avoid CORS and keep credentials safe.
This is not secure.
Your password is exposed in the javascript source.
looking at the screenshots both servers are frappe servers.
user frappeclient and server side calls, you won’t face cors issue there.
The second method is modern approach by using OAuth 2.0:
https://frappe.io/docs/user/en/guides/integration
By using OAuth 2.0. Users can choose to revoke access to the third party app.
