POST requests result in -1 or 0

polly123 · August 29, 2018, 8:46am

Hi, I'm new here and I need some help regarding consuming rest apis.

I have managed to set up an API with OAUTH2 on Azure. I want both my Arduino and Android application to be able to consume this API. To do this, they first need a Bearer token. I have been able to succesfully make a request with postman to get this token so that I then can make authorized requests with that token. Below is the Curl code for the postman request. (I have replaced the actual secrets with dummy data, but you get the idea)

    curl --request POST \
      --url https://login.microsoftonline.com/CLIENT_ID/oauth2/token \
      --header 'Cache-Control: no-cache' \
      --header 'Content-Type: application/x-www-form-urlencoded' \
      --header 'Postman-Token: XXX' \
      --header 'content-type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW' \
      --form grant_type=client_credentials \
      --form client_id=YYY\
      --form 'client_secret=ZZZ' \
      --form 'resource=https://XYZ.azurewebsites.net

'

Running this request in postman yields the following response:

    {
        "token_type": "Bearer",
        "expires_in": "3600",
        "ext_expires_in": "0",
        "expires_on": "1535466063",
        "not_before": "1535462163",
        "resource": "https://XYZ.azurewebsites.net",
        "access_token": "ACCESS_TOKEN"
    }

Now I can use this access_token to do "regular" requests with, I have confimed that it works with Postman. However when I try to do this request on my arduino, I don't get any response at all. I have tried using ESP8266HTTPClient and the ESP8266RestClient client but both yield similar results. Below is my code for both of them.

  static RestClient restClient = RestClient("");
    
      restClient.begin(WIFI_SSID, WIFI_PWD);
      String response;
      
      restClient.setHeader("Content-Type: multipart/form-data");
      restClient.setHeader("Content-Type: application/x-www-form-urlencoded");
      restClient.setHeader("Cache-Control: no-cache");
    
      char* payload = "grant_type=client_credentials&client_id=YYY&client_secret=ZZZ&resource=https://XYZ.azurewebsites.net";
      
      int statusCode = restClient.post("https://login.microsoftonline.com/CLIENT_ID/oauth2/token", payload, &response);
      Serial.print("Status code from server: ");
      Serial.println(statusCode);
      Serial.print("Response body from server: ");
      Serial.println(response); 


      //Testing the regular client
      HTTPClient http;
      http.begin("https://login.microsoftonline.com/CLIENT_ID/oauth2/token");
      http.addHeader("Content-Type", "multipart/form-data");
      int httpResponseCode = http.POST(payload);
      String response1 = http.getString();
      Serial.println("Regular:");
      Serial.println(httpResponseCode);
      Serial.println(response1);

If I look in the output, it writes:

    Status code from server: 0
    Response body from server:
    Regular:
    -1

These are some considerations I have been thinking about:

The URLS are using HTTPS and not HTTP. Could it be this encryption that causes these issues? Do I need to supply some kind of CA certificate?
CORS, though I tried disabling CORS completely in the API and it did not help.
One of my keys in the form data (not seen here as I replaced it with dummy data in this post) has a '=' in them. Could this mess up the form data? Do I need to escape these characters?

The code 0 and -1 suggest that there is an error sending the request, I just don't know why! Do anyone have any suggestion on what I could try here?

Juraj · August 29, 2018, 9:44am

yes
why CORS? is a browser involved?
no

polly123 · August 29, 2018, 10:12am

Juraj:

yes

why CORS? is a browser involved?

no

Alright, any idea how to proceed? I have googled a bit about using HTTPS on Arduino but there doesn't seem to be any support for this at all? Is there any workaround or something? It is okay if it is slow, all I want is to post some temperature data to an api.
No browser is involved, just trying things.
Alright, good to know.

Juraj · August 29, 2018, 11:18am

esp8266 arduino core has SSL support. I didn't try it. Update to 2.4.2 esp8266 core and see the examples.

polly123 · August 29, 2018, 11:53am

Juraj:
esp8266 arduino core has SSL support. I didn't try it. Update to 2.4.2 esp8266 core and see the examples.

Alright, thanks. Do you happen to know which package I should install? I have searched for esp8266 in the library manager but there are a ton of different versions, sadly no 2.4.2

Edit: Think I found it, I will try it: GitHub - esp8266/Arduino: ESP8266 core for Arduino
https://arduino-esp8266.readthedocs.io/en/latest/esp8266wifi/client-secure-examples.html

Juraj · August 29, 2018, 11:55am

in board manager only update for esp8266

polly123 · August 29, 2018, 12:23pm

Juraj:
in board manager only update for esp8266

Yeah, I think I got it. I followed this guide ( https://arduino-esp8266.readthedocs.io/en/latest/esp8266wifi/client-secure-examples.html ) and got the fingerprint for the certificate but I cannot seem to connect. This is what I did:

const char* host = "login.microsoftonline.com";
const char* fingerprint = "F3 B4 14 05 6D 8F B8 6D 98 FB 6F 28 2D 8F 45 1F 0A 87 BA 40";
  WiFiClientSecure client;
  Serial.print("connecting to ");
  Serial.println(host);
  if (!client.connect(host, 443)) {
  Serial.println("connection failed");
  return;
  }

This results in:

connecting to login.microsoftonline.com
connection failed

I did try their Github example so the code works. I guess it has to do with the oauth2 things Microsoft is doing?

system · May 5, 2021, 11:21pm