Exchange authorization code for access token => 403 : error_description: "Invalid authorization code"

Sean Nourani July 27, 2020

I receive 403 when I POST a request to get the token.

Request payload:

{
  "grant_type":"authorization_code",
  "client_id":"xxx",
  "client_secret":"XXXX",
  "code":"XXXXXX",
  "redirect_uri":"http://localhost:4200/"
}

responseType: 'text'

URL: 'https://auth.atlassian.com/oauth/token'

1 answer

0 votes
Andy Heinzer
Atlassian Team
July 31, 2020

Hi Hosein,

I see that you are getting a 403 error when trying to get an OAuth token here. However, I'm not sure I understand which version of OAuth you are using here (1.0 or 2.0) or which kind of integration you are attempting to make.

The URL you are calling makes me think you're trying to follow https://developer.atlassian.com/cloud/jira/platform/oauth-2-authorization-code-grants-3lo-for-apps/. But if that's the case, then I'd want to better understand if you have first completed step #1:

1. Direct the user to the authorization URL to get an authorization code

As described in the Overview above, your app should start the authorization flow by directing the user to the authorization URL:

https://auth.atlassian.com/authorize?
  audience=api.atlassian.com&
  client_id=YOUR_CLIENT_ID&
  scope=REQUESTED_SCOPE_ONE%20REQUESTED_SCOPE_TWO&
  redirect_uri=https://YOUR_APP_CALLBACK_URL&
  state=YOUR_USER_BOUND_VALUE&
  response_type=code&
  prompt=consent

If the callback URL does not match exactly (including any trailing /) then this could explain the bad request error here. I can see in the 2nd call your redirect_uri is

http://localhost:4200/

But I don't know exactly what was entered in step #1 here.

Also, what headers are being included in this 2nd request? I don't see a clear problem with the payload, but sometimes if we don't specify the headers then it can be seen as a bad request.

The example on that page is using curl to make this request:

curl --request POST \
  --url 'https://auth.atlassian.com/oauth/token' \
  --header 'Content-Type: application/json' \
  --data '{"grant_type": "authorization_code","client_id": "YOUR_CLIENT_ID","client_secret": "YOUR_CLIENT_SECRET","code": "YOUR_AUTHORIZATION_CODE","redirect_uri": "https://YOUR_APP_CALLBACK_URL"}'

Try this and let me know the results.

If you're following a different guide here, please let me know which one.

Andy

Sean Nourani July 31, 2020

Thank you @Andy Heinzer for the response.

I am using OAuth 2.0 and I direct the user to the login page and it comes back with code successfully. But in the second request when I send the POST request to get the token this error occurs.

This is the header for the second request:

{'Content-Type': 'application/json'}

And this is what I receive:

{"error":"invalid_grant","error_description":"Invalid authorization code"}

I also shared this question in StackOverflow:

https://stackoverflow.com/questions/63159160/atlassian-cloud-oauth-2-0-error-403-on-post-request-to-get-token

Ajay Prem Shankar
I'm New Here
September 17, 2020

@Sean Nourani were you able to find a solution to this?

Sean Nourani September 17, 2020

Hi Ajay, 

Yes, I noticed that the function that I call to extract the token was not working accurately.

I took it manually from the response URL and it worked!

Thank you,

Hosein

nada_bouslama
I'm New Here
April 25, 2023

Can you please share with us the correct function? I'm facing the same problem and it took me so much time. I don't know where the problem is; the data I provided is valid.

Rohit Magar
I'm New Here
September 22, 2023

Hi @Sean Nourani, please share the solution; even I am facing the same problem. BTW, I am taking the code value manually from the URL and still it's not working.
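
Added example, not part of any post in this thread and not Atlassian's code: one way to extract the authorization code from the callback URL in JavaScript, next to a string-splitting extraction that returns a value the token endpoint cannot match. The thread does not say what the original extraction bug was; the function names, the sample callback URL and the state value are constructed for illustration.

```javascript
// Added example, not code from the thread. Function names and sample values are hypothetical.
const TOKEN_URL = 'https://auth.atlassian.com/oauth/token'; // URL quoted in the thread
const REDIRECT_URI = 'http://localhost:4200/';              // must equal the step 1 value exactly

// Fragile: string splitting keeps everything after "code=", including
// "&state=...", any "#fragment", and leaves percent-encoding in place.
function naiveExtractCode(callbackUrl) {
  return callbackUrl.split('code=')[1];
}

// Robust: parse the query string, check for an error response and verify state.
function extractCode(callbackUrl, expectedState) {
  const params = new URL(callbackUrl).searchParams; // values are percent-decoded once
  if (params.has('error')) {
    throw new Error('authorization error: ' + params.get('error'));
  }
  if (params.get('state') !== expectedState) {
    throw new Error('state mismatch, discarding callback');
  }
  const code = params.get('code');
  if (!code) throw new Error('no code parameter in callback');
  return code;
}

// Build the step 2 request with the same redirect_uri that was sent in step 1.
function buildTokenRequest(clientId, clientSecret, code) {
  return {
    url: TOKEN_URL,
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({
      grant_type: 'authorization_code',
      client_id: clientId,
      client_secret: clientSecret,
      code: code,
      redirect_uri: REDIRECT_URI,
    }),
  };
}

// Constructed callback URL: encoded "/" in the code, a state value and a fragment.
const SAMPLE_CALLBACK =
  'http://localhost:4200/?code=AbC%2F123-xyz&state=s3ss10n-b0und#/home';

console.log(naiveExtractCode(SAMPLE_CALLBACK));
console.log(extractCode(SAMPLE_CALLBACK, 's3ss10n-b0und'));
```

RFC 6749 requires authorization codes to be single-use and short-lived, so a code that was already submitted once, or copied from an old callback, is rejected even when it is extracted correctly.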
