withings oauth api: failing at oauth_flow_fetch

[schnee]

>> grant_type=authorization_code&code=a214abf21b777aa05826e091fb37819fca584fb9&redirect_uri=http%3A%2F%2Flocalhost%3A1410%2F&action=requesttoken&code_verifier=4lORJTmd1qmpykxjRhhobtwwS2dZTQ4cMBqdiMFo5EU&client_id=_removed_&client_secret=_removed_
*  TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
*  TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
*  old SSL session ID is stale, removing
<- HTTP/1.1 200 OK
<- date: Wed, 23 Aug 2023 22:04:15 GMT
<- server: Apache
<- access-control-allow-origin: *
<- access-control-allow-methods: GET, POST, OPTIONS
<- access-control-allow-headers: Content-Type, *
<- content-length: 246
<- content-type: application/json
<- 
<< {"status":0,"body":{"userid":"_removed_","access_token":"fe9e5f026_removed_04d67f4a5d25af","refresh_token":"6d34e442e_removed_4b44403e4b6cea3","scope":"user.metrics,user.info,user.activity","expires_in":10800,"token_type":"Bearer"}}
*  Connection #0 to host wbsapi.withings.net left intact
Error in `oauth_flow_fetch()`:
! Failed to process response from 'token' endpoint
Run `rlang::last_trace()` to see where the error occurred.

I'm attempting to perform the OAUTH flow against the Withings endpoint via the below statements and wind up getting the above error. Looking into oauth_flow_fetch, it appears that this should have been successful, but it is not. Ideas?

client <- oauth_client(
  id = client_id,
  secret = client_secret,
  token_url = "https://wbsapi.withings.net/v2/oauth2",
  auth="body",

  name = "withings"
)

client

token <- with_verbosity(
  oauth_flow_auth_code(
    client,
    auth_url = "https://account.withings.com/oauth2_user/authorize2",
    scope = "user.metrics,user.info,user.activity",
    host_name = "localhost",
    port = 1410,
    token_params = list(action = "requesttoken"),
  ),
  verbosity = 3
)

The API is documented at https://developer.withings.com/api-reference/#tag/oauth2/operation/oauth2-getaccesstoken

[hadley]

It looks like withings is returning a non-standard json, where the contents that httr2 expects are nested within the body field. Resolving this will require some thought since we'll need to provide some hook to oauth_flow_auth_code() to allow custom parsing.

[schnee]

(late reply...)

thanks

[hadley]

Related to this comment: https://github.com/mgirlich/httr2/blob/req_body_json-type/R/oauth-flow.R#L5-L8. Looks like we'd need to export oauth_flow_abort() to provide a complete solution.

When I do this, should also pass correct caller_env() through so that we can get more informative errors.