Here are the frequent issues you may face during integration testing, and the immediate steps to take for each
Business to Business App Flow (Client Credentials)
Steps to do a client credentials flow:
- Loading the certificates
- Access Token call
- Run feature call
Step 1: Loading the Certificates
- Submit a CSR (Certificate Signing Request) and get the signed certificates from ADP
- Load the certificates into your tool (say SoapUI) or onto a Linux machine (in this article, CURL scripts are provided to run the calls from the UNIX command line)
Step 2: Access Token call
- Make the access token call from the command line (say PuTTY):
- Ensure you have the following information ready:
- CERT_LOC : Location of the certificate
- KEY_LOC : Location of the key
- CLIENT_ID : client id provided by ADP
- CLIENT_SECRET : client secret provided by ADP
- TOKEN_ENDPOINT : The end point URL provided by ADP
- Run the below CURL command (POST call):
# -k skips verification of the server certificate
curl -ks --cert "$CERT_LOC" --key "$KEY_LOC" -o tokenResponse -d "client_id=${CLIENT_ID}&client_secret=${CLIENT_SECRET}&grant_type=client_credentials" "${TOKEN_ENDPOINT}"
- Now extract the access token from the response “tokenResponse” using the below command:
ACCESS_TOKEN=$(grep '"access_token":"' tokenResponse | sed 's/.*"access_token":"\([^"]*\)".*/\1/')
- Issues you may encounter & debugging while you run Access Token call:
ERROR : Proper client SSL certificate was not presented
• Ensure that the proper certificates are loaded and that the password for the certificate file is correct
ERROR : Invalid_client / Failed to get client credentials / HTTP Response Code 401 – Unauthorized
• Ensure that the supplied Client Id and Client Secret are correct
ERROR : Invalid_request / Missing or invalid grant_type / HTTP Response Code 500 – Internal Server Error
• Check that the “grant_type” value is “client_credentials” and that the payload of the access token call is correct
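An added example (not ADP's own script) that reads the saved tokenResponse, extracts the access token without over-matching when the JSON arrives on a single line, and maps the errors listed above to their checks. The sample response is constructed, and the "error" field name follows RFC 6749 as an assumption about the response body.

```shell
#!/bin/sh
# Added example: triage a saved tokenResponse file.
# Assumption: error responses carry an RFC 6749 style "error" field.

# Print the value of a string field from a JSON body.
# [^"]* stops at the closing quote, so single-line JSON is not over-matched.
json_field() {  # $1=field name, $2=file
    tr -d '\r\n' < "$2" |
        sed -n 's/.*"'"$1"'"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Print the access token, or a hint taken from the checklist above.
# Returns 0 only when a token was found.
triage_token_response() {  # $1=file
    token=$(json_field access_token "$1")
    if [ -n "$token" ]; then
        printf '%s\n' "$token"
        return 0
    fi
    err=$(json_field error "$1" | tr 'A-Z' 'a-z')
    case "$err" in
        invalid_client)  echo "check CLIENT_ID and CLIENT_SECRET" ;;
        invalid_request) echo "check grant_type and the request payload" ;;
        *)               echo "no token: check that the client certificate and key were presented" ;;
    esac
    return 1
}

# Constructed sample response (not real ADP output).
sample=$(mktemp)
printf '%s' '{"access_token":"abc123","token_type":"Bearer","expires_in":3600}' > "$sample"
ACCESS_TOKEN=$(triage_token_response "$sample") && echo "token: $ACCESS_TOKEN"
rm -f "$sample"
```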
Step 3: Run feature call
- Run the feature call from the command line (say PuTTY):
• Give the header “Authorization” and the value is “Bearer ACCESS_TOKEN” (ACCESS_TOKEN should be the access token obtained in access token call) along with other required headers for the feature call
- Issues you may encounter & debugging while you run feature call:
ERROR : Invalid_request/Validation error/HTTP Response Code 401 Unauthorized
• Check that you are passing the “Authorization” header with the value “Bearer ACCESS_TOKEN” and that the token has not expired.
ERROR : Invalid_scope / Scope you are requested for is not available / HTTP Response Code 403
• Ensure that the scope you are requesting is made available for your Client Id and Client Secret (contact ADP to get this fixed)
• The product is not allowing you to do this specific operation.
• There might be some internal problem, please contact ADP
Business to Consumer App Flow (Authorization Code)
Steps for an integration test of Authorization code flow:
- Session call
- Authorize the session using user id and password
- Allow the consent if it has not already been granted
- Do the Access token call
- Do the feature call
Step 1: Session call
- Run Session call from Unix command line
- Ensure you have the following information ready:
- CERT_LOC : Location of the certificate
- KEY_LOC : Location of the key
- CLIENT_ID : client id provided by ADP
- CLIENT_SECRET : client secret provided by ADP
- TOKEN_ENDPOINT : The end point URL provided by ADP
- REDIRECT_URI : Redirection URL
- USER : username provided by ADP
- PASSWORD : password provided by ADP
- Run the below CURL command (GET call):
SESSION_ID=$(curl -k -s "${TOKEN_ENDPOINT}?response_type=code&client_id=${CLIENT_ID}&redirect_uri=${REDIRECT_URI}&scope=openid%20api" | perl -ne 'if (/sessionID" value="([a-zA-Z0-9]+-[^"]*)"/) { print $1; last; }')
- The session id is now available in the SESSION_ID variable
- Issues you may encounter & debugging while you run session call:
ERROR : HTTP Response Code 302 / Invalid request
• Check that your Client ID and redirect URI are correct; you must use the same redirect URI you provided to ADP
Step 2: Authorize Session Call
- Run Authorize Session call:
- Run the below CURL command (POST call):
curl -k -is -X POST -d "sessionID=${SESSION_ID}&action=Login&username=${USER}&password=${PASSWORD}" -o loginResponse "$TOKEN_ENDPOINT"
- Fetch the response code & sessionCode from the response “loginResponse”:
HTTP_CODE=$(head -n 1 loginResponse | sed 's/.* \([0-9]*\) .*/\1/')
echo " HTTP_CODE=${HTTP_CODE}"
SMSESSION=$(perl -ne 'print $1 if /(SMSESSION="[^"]*")/' loginResponse)
echo " ${SMSESSION}"
- Issues you may encounter & debugging while you run Authorize Session call:
ERROR : HTTP Response Code 400/ oAuth session has expired
• Ensure that you are using the session id generated in the authorize session call for this user and that it has not expired
ERROR : HTTP Response code 401 / Incorrect login credentials
• Please use the login credentials provided by ADP
ERROR : HTTP Response code 302 and “error=invalid_request” in the response
• Check that the POST call body is correct
Step 3: Allow Consent call (If Step2 response code is 200)
- Run Allow consent call using SESSION_ID and SMSESSION values, (POST call):
CODE=$(curl -k -is -X POST -d "sessionID=${SESSION_ID}&action=Confirm" -b "${SMSESSION}" "$TOKEN_ENDPOINT" | perl -ne 'print $1 if /code=([^&\s]+)/')
• The access code is now saved in the variable CODE, which is used to run the access token call
- Issues you may encounter & debugging while you run Allow Consent call:
If you are not able to allow the consent
• Check that your POST call JSON body has correct data and that ‘action’ has a valid value
Step 4: (If Step 2 response code is 302)
- Extract the access code from the Step 2 response:
- Run the below commands to extract the access code:
REDIRECT_URL=$(grep '^Location: ' loginResponse | sed 's/^Location: //')
CODE=$(grep '^Location: ' loginResponse | perl -ne 'print $1 if /code=([^&\s]+)/')
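An added example (not ADP's own script) of the branch between Step 3 and Step 4: it reads the saved loginResponse, reports which step applies, and extracts the code from the Location header whether or not other parameters follow it. The sample response and the client.example redirect host are constructed placeholders.

```shell
#!/bin/sh
# Added example: decide the next step from a saved loginResponse
# (the file written by `curl -is ... -o loginResponse` in Step 2).

# Status code from the first line, e.g. "HTTP/1.1 302 Found".
http_code() {  # $1=file
    head -n 1 "$1" | tr -d '\r' | sed 's/^[^ ]* \([0-9][0-9]*\).*/\1/'
}

# Authorization code from the Location header. [^&]* stops at the next
# parameter, and the code may also be the last parameter on the line.
location_code() {  # $1=file
    tr -d '\r' < "$1" |
        sed -n 's/^[Ll]ocation: .*[?&]code=\([^&]*\).*/\1/p' | head -n 1
}

# Map the Step 2 result to the step the article prescribes.
next_step() {  # $1=file
    case "$(http_code "$1")" in
        200) echo "consent" ;;                  # Step 3: POST action=Confirm
        302) if tr -d '\r' < "$1" | grep -q '^[Ll]ocation: .*error='; then
                 echo "error"                   # e.g. error=invalid_request
             else
                 echo "code"                    # Step 4: read code from Location
             fi ;;
        400) echo "session-expired" ;;
        401) echo "bad-credentials" ;;
        *)   echo "unknown" ;;
    esac
}

# Constructed sample (not real ADP output).
sample=$(mktemp)
printf 'HTTP/1.1 302 Found\r\nLocation: https://client.example/cb?code=a1b2c3&state=xyz\r\n\r\n' > "$sample"
[ "$(next_step "$sample")" = "code" ] && CODE=$(location_code "$sample")
echo "CODE=$CODE"
rm -f "$sample"
```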
Step 5: Access Token call
- Run the Access Token call:
- Run the below CURL command (POST call):
curl -k -is --cert "$CERT_LOC" --key "$KEY_LOC" -d "client_id=${CLIENT_ID}&client_secret=${CLIENT_SECRET}&code=${CODE}&redirect_uri=${REDIRECT_URI}&grant_type=authorization_code" -o tokenResponse "$TOKEN_ENDPOINT"
- Extract the access token from the response “tokenResponse”:
ACCESS_TOKEN=$(grep '"access_token":"' tokenResponse | sed 's/.*"access_token":"\([^"]*\)".*/\1/')
- Issues you may encounter & debugging while you run Authorize Session call:
ERROR : Invalid_client / Failed to get client credentials / HTTP Response Code 401 – Unauthorized
• Ensure that the supplied Client Id and Client Secret are correct
ERROR : Invalid_request / Missing or invalid grant_type / HTTP Response Code 500 – Internal Server Error
• Check the “grant_type” value is “client_credentials”
Step 6: Run feature call
- Run the feature call from the command line (say PuTTY):
• Give the header “Authorization” and the value is “Bearer ACCESS_TOKEN” (ACCESS_TOKEN should be the access token obtained in access token call) along with other required headers for the feature call
Other Issues
ERROR : 400 – Bad request
• Check you are passing all the required headers and valid values for the specific call
• Check the JSON payload is as per schema
ERROR : 412 – Pre condition failed
• Make sure you are sending the request correctly with all the required headers
• Ensure you are not sending any unwanted headers
ERROR : 404 – Not found
• The data you are looking for is not found at product level.




