Consuming NopCommerce API from .Net

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.
6 years ago
I am building a POS type application as a Windows Universal app.
I have the NopCommerce API installed and have generated the client id and secret.
I am able to use the SevenSpikes sample app to get an access code and then get customer data.

I have been trying to re-engineer the code into my application but without success.
The big difference between the sample app and a non-web based kiosk type app is the redirect URL.
I assume you should be able to post to the authorization url and get an access code back without needing to redirect to another page.

The code below returns invalid client, the same as if I point a browser to http://mysite.com/oauth/authorize or http://mysite.com/api/token.
Maybe it has something to do with incorrect headers - I have no clue.
I hope there's an easy way to do this from code behind.
I've spent umpteen hours on this and my client is waiting for a quote.


Console app code:


using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Threading.Tasks;

namespace testAuth
{
    class Program
    {
        static string grantType = "authorization_code";
        static string clientId = "bcdc04fb-blah blah";
        static string clientSecret = "2f55d16c-blah blabety blah";
        static string scope ="scope.fullaccess";
        static string redirectUrl = "http://localhost/token";
        static Uri authorizationServerTokenIssuerUri;
        static void Main(string[] args)
        {
            
            
            // Authorization server parameters owned by the client.
            // These values are issued by the authorization server to the client through a separate process (registration, etc.).
            authorizationServerTokenIssuerUri = new Uri("http://mywebsite.com/oauth/authorize");
            

            //access token request
            string rawToken = RequestTokenToAuthorizationServer(
                 authorizationServerTokenIssuerUri,
                 clientId,
                 scope,
                 clientSecret)
                .GetAwaiter()
                .GetResult();
            var x = rawToken;
            //...some more code
        }


        private static async Task<string> RequestTokenToAuthorizationServer(Uri uriAuthorizationServer, string clientId, string scope, string clientSecret)
        {
            HttpResponseMessage responseMessage;
            using (HttpClient client = new HttpClient())
            {
                HttpRequestMessage tokenRequest = new HttpRequestMessage(HttpMethod.Post, uriAuthorizationServer);

              string queryParameters = string.Format("client_id={0}&client_secret={1}&code={2}&grant_type={3}&redirect_uri={4}", clientId, clientSecret, "", grantType, redirectUrl);

                HttpContent httpContent =  new FormUrlEncodedContent(
                    new[]
                    {
                    new KeyValuePair<string, string>("grant_type", grantType),
                    new KeyValuePair<string, string>("client_id", clientId),
                    new KeyValuePair<string, string>("scope", scope),
                    new KeyValuePair<string, string>("code", ""),
                    new KeyValuePair<string, string>("redirect_uri", redirectUrl),
                    new KeyValuePair<string, string>("client_secret", clientSecret),
                    new KeyValuePair<string, string>("response_type", "code")
                     });
                tokenRequest.Content = httpContent;
                responseMessage = await client.SendAsync(tokenRequest);
            }
            return await responseMessage.Content.ReadAsStringAsync();
        }


    }
    public class UserAccessModel
    {
        public string ClientId { get; set; }

        public string ClientSecret { get; set; }

        public string ServerUrl { get; set; }

        public string RedirectUrl { get; set; }
    }
}

6 years ago
Hi,

The Redirect Url is mandatory for the API because it is using the standard described here.

Here are a few solutions:

1. Change the expiration date of the access token and use a hard coded access token in your app. Please note that this solution is not secure and will work only if you connect your app to one store.

2. Change the OAuth flow but this will require modifications to the API plugin.

3. Create a middle server which will handle obtaining of the token.

Regards,
Stoyan
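
The two-leg authorization code flow that makes the redirect URL necessary, as an added example that is not part of the original thread or the API plugin's own code. The endpoint paths are the ones quoted in the question; the loopback port, the environment variable names and the assumption that the server echoes `state` are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Net.Http;
using System.Security.Cryptography;
using System.Threading.Tasks;

class AuthCodeFlowExample
{
    // Assumed values: host and paths as quoted in the question; the port is constructed.
    // Redirect must match the redirect URL registered for the client exactly.
    const string Authorize = "http://mysite.com/oauth/authorize";
    const string Token = "http://mysite.com/api/token";
    const string Redirect = "http://localhost:8080/token/";

    static async Task Main()
    {
        // Hypothetical variable names; keeps credentials out of the source file.
        string clientId = Environment.GetEnvironmentVariable("NOP_CLIENT_ID")
            ?? throw new InvalidOperationException("NOP_CLIENT_ID not set");
        string clientSecret = Environment.GetEnvironmentVariable("NOP_CLIENT_SECRET")
            ?? throw new InvalidOperationException("NOP_CLIENT_SECRET not set");
        // Leg 1: a browser GET to the authorize endpoint. No secret is sent here.
        var nonce = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(nonce);
        string state = BitConverter.ToString(nonce).Replace("-", "");
        Console.WriteLine("Open in a browser: " + Authorize + "?response_type=code" +
            "&client_id=" + Uri.EscapeDataString(clientId) +
            "&redirect_uri=" + Uri.EscapeDataString(Redirect) + "&state=" + state);
        // The server redirects the browser back here with ?code=...&state=...
        string code;
        using (var listener = new HttpListener())
        {
            listener.Prefixes.Add(Redirect);
            listener.Start();
            HttpListenerContext ctx = await listener.GetContextAsync();
            string returnedState = ctx.Request.QueryString["state"];
            code = ctx.Request.QueryString["code"];
            ctx.Response.Close();
            if (returnedState != state) throw new InvalidOperationException("state mismatch");
        }
        if (string.IsNullOrEmpty(code)) throw new InvalidOperationException("no code returned");
        // Leg 2: POST the code (not an empty string) to the token endpoint.
        using (var http = new HttpClient())
        {
            var form = new FormUrlEncodedContent(new Dictionary<string, string> {
                ["grant_type"] = "authorization_code", ["code"] = code, ["client_id"] = clientId,
                ["client_secret"] = clientSecret, ["redirect_uri"] = Redirect });
            HttpResponseMessage resp = await http.PostAsync(Token, form);
            Console.WriteLine(await resp.Content.ReadAsStringAsync());
        }
    }
}
```

A client secret shipped inside a kiosk or mobile binary can be extracted by anyone with access to the device, which is the case for keeping leg 2 on a middle server as in option 3.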
6 years ago
Thanks for the info but could you elaborate on #1?

Yes, each kiosk will only be talking to a single store.
5 years ago
Same problem here. Redirect Uri should not be mandatory for authentication. How can I configure this API for MOBILE APP? Please can anybody of you describe? Thanks in advance.