Docs
Search K

Appearance

📑 Troubleshooting Guide – Autodesk OAuth Workflow in MinuteView ​

This guide is intended to help identify and resolve issues with Autodesk Platform Services (APS) OAuth authentication when MinuteView is installed on a client’s server (IIS-hosted, non-public URL).

1. Confirm Redirect URI Accessibility ​

Goal: Ensure the user’s browser can reach the redirect URL after Autodesk login.

  • Check IIS binding

    • Verify that IIS is listening on the expected hostname and port (https://<servername>/MinuteView/PageGeneral/ServiceCallback.aspx).
    • Confirm the binding uses a valid SSL certificate.

  • From the server itself

    • Open a browser on the server and directly navigate to the callback URL.
    • You should see either a blank success page, a test response, or an IIS error that proves IIS is listening.

  • From a client workstation (inside the same LAN)

    • Do the same test from a user’s PC, not just the server.
    • If it fails here, the issue is DNS resolution, firewall rules, or SSL trust.

  • Common blockers

    • Firewall/proxy disallows redirects from external domains (Autodesk) to internal domains.
    • Internal DNS name not resolvable on end-user machines.
    • SSL certificate not trusted (self-signed or internal CA not deployed).

2. Validate Autodesk App Configuration ​

Goal: Ensure APS and MinuteView agree on the exact redirect URI.

  • Log into Autodesk Developer Portal.

  • In the App settings, confirm that the Redirect URI matches exactly:

    • Protocol (https vs http)
    • Hostname (server.company.com vs localhost)
    • Port (if non-default)
    • Path (/MinuteView/oauth/callback)

⚠️ Even a trailing slash mismatch will cause failure.

3. Debug the First Redirect (Browser Stage) ​

  • Open Developer Tools → Network while signing in.

  • Observe the final 302 or Location header Autodesk sends.

  • Copy the URL.

    • If it points correctly to your IIS callback, but the browser can’t display it → network or SSL problem.
    • If it’s wrong → Autodesk app misconfiguration.

4. Test the Token Exchange (Server Stage) ​

Goal: Confirm the server can reach Autodesk’s token endpoint.

  • After the user lands at /MinuteView/oauth/callback?code=xxxx, MinuteView exchanges the code for a token by POSTing to:

    https://developer.api.autodesk.com/authentication/v2/token

  • On the server:

    powershell
    curl -X POST "https://developer.api.autodesk.com/authentication/v2/token" `
     -H "Content-Type: application/x-www-form-urlencoded" `
     -d "client_id=XXX&client_secret=YYY&grant_type=authorization_code&code=TESTCODE&redirect_uri=https://<servername>/MinuteView/PageGeneral/ServiceCallback.aspx"

For more information, refer to Autodesk Platform services documentation

  • Expected: JSON with access_token.

  • If it fails:

    • Proxy/firewall is blocking outbound HTTPS.
    • Server doesn’t trust Autodesk’s CA.
    • Outbound traffic only allowed via whitelisted domains (Autodesk may need to be whitelisted).

5. Certificate and Proxy Considerations ​

  • SSL trust: Ensure the IIS certificate is valid and trusted on all domain-joined machines. Import the root CA if necessary.
  • Proxy settings: If outbound traffic must go through a corporate proxy, configure the Windows Server’s WinHTTP proxy (netsh winhttp show proxy).
  • Inspection devices: TLS inspection may break OAuth if Autodesk certificates are replaced by internal ones — verify the Autodesk cert chain.

6. Environmental Differences (Server vs Client PC) ​

  • On a user’s PC, the redirect normally succeeds if the PC can resolve and reach the internal site.

  • On a server, the redirect also works (since it’s just a browser operation), but sometimes servers are more restricted:

    • No outbound internet by default.
    • Hardened IE/Edge security.
    • Limited root CA trust store.

âś… Recommendation: Always test both from the server browser and from a user PC browser to confirm whether the issue is server-specific or network-wide.

7. Step-by-Step Checklist ​

  1. Check redirect URL accessibility (server + client PC).

  2. Verify Autodesk app redirect URI configuration.

  3. Use browser dev tools to capture the final redirect.

  4. Manually test token exchange from the server with curl/PowerShell.

  5. Confirm SSL certs are valid/trusted.

  6. Check firewall/proxy logs for blocked traffic.

  7. If still failing, escalate to IT security with domains to whitelist:

    • developer.api.autodesk.com
    • accounts.autodesk.com
    • Any subdomains used in OAuth redirects.

Tentech 2024