I receive 403 when I POST a request to get the token.
Request payload:
{
"grant_type":"authorization_code",
"client_id":"xxx",
"client_secret":"XXXX",
"code":"XXXXXX",
"redirect_uri":"http://localhost:4200/"
}
responseType: 'text'
Hi Hosein,
I see that you are getting a 403 error when trying to get an OAuth token here. However I'm not sure I understand which version of OAuth you are using here (1.0 or 2.0) or which kind of integration you are attempting to make.
The URL you are calling makes me think you're trying to follow https://developer.atlassian.com/cloud/jira/platform/oauth-2-authorization-code-grants-3lo-for-apps/ But if that's the case, then I'd want to better understand if you have first completed step #1:
1. Direct the user to the authorization URL to get an authorization code
As described in the Overview above, your app should start the authorization flow by directing the user to the authorization URL:
https://auth.atlassian.com/authorize?
  audience=api.atlassian.com&
  client_id=YOUR_CLIENT_ID&
  scope=REQUESTED_SCOPE_ONE%20REQUESTED_SCOPE_TWO&
  redirect_uri=https://YOUR_APP_CALLBACK_URL&
  state=YOUR_USER_BOUND_VALUE&
  response_type=code&
  prompt=consent
If the callback URL does not match exactly (including any trailing /) then this could explain the bad request error here. I can see in the 2nd call your redirect_uri is
http://localhost:4200/
But I don't know exactly what was entered in step #1 here.
Also, what headers are being included in this 2nd request? I don't see a clear problem with the payload, but sometimes if we don't specify the headers then it can be seen as a bad request.
The example on that page is using curl to make this request:
curl --request POST \
  --url 'https://auth.atlassian.com/oauth/token' \
  --header 'Content-Type: application/json' \
  --data '{"grant_type": "authorization_code","client_id": "YOUR_CLIENT_ID","client_secret": "YOUR_CLIENT_SECRET","code": "YOUR_AUTHORIZATION_CODE","redirect_uri": "https://YOUR_APP_CALLBACK_URL"}'
Try this and let me know the results.
If you're following a different guide here, please let me know which one.
Andy
Thank you @Andy Heinzer for the response.
I am using OAuth 2.0 and I direct the user to the login page and it comes back with code successfully. But in the second request when I send the POST request to get the token this error occurs.
This is the header for the second request:
{'Content-Type': 'application/json'}
And this is what I receive:
{"error":"invalid_grant","error_description":"Invalid authorization code"}
I also shared this question in StackOverflow:
Hi Ajay,
Yes, I noticed that the function that I call to extract the token was not working accurately.
I took it manually from the response URL and it worked!
Thank you,
Hosein
Can you please share with us the correct function? I'm facing the same problem and it took me so much time. I don't know where the problem is; the data I provided is valid.
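As an added example (not code from this thread or from Atlassian): one way to take the authorization code from the callback URL with the standard URL API instead of manual string slicing, check `state`, and build the step-2 token request. The function names and the sample callback, code and state values are constructed for illustration.

```javascript
// Added example; function names and sample values are constructed.
const TOKEN_URL = 'https://auth.atlassian.com/oauth/token'; // from the curl example above

// Extract the code from the full callback URL the browser landed on.
// searchParams splits on '&', ignores the '#fragment' and percent-decodes,
// which split('code=') / substring() style extraction does not.
function extractAuthorizationCode(callbackUrl, expectedState) {
  const params = new URL(callbackUrl).searchParams;
  // state must equal the value sent in step 1, otherwise the response is not ours.
  if (params.get('state') !== expectedState) {
    throw new Error('state mismatch');
  }
  // Failures are reported on the same redirect, with no code attached.
  if (params.has('error')) {
    throw new Error(`authorization failed: ${params.get('error')}`);
  }
  const code = params.get('code');
  if (!code) {
    throw new Error('no code parameter in callback URL');
  }
  return code;
}

// Build the step-2 request. redirectUri must be character-for-character the
// value used in step 1, including any trailing slash.
function buildTokenRequest(code, { clientId, clientSecret, redirectUri }) {
  return {
    url: TOKEN_URL,
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({
      grant_type: 'authorization_code',
      client_id: clientId,
      client_secret: clientSecret,
      code,
      redirect_uri: redirectUri,
    }),
  };
}

// Constructed callback: the code arrives percent-encoded, followed by state
// and a client-side route fragment.
const sampleCallback =
  'http://localhost:4200/?code=aB3%2Fx_Yz%3D9&state=user-bound-123#/home';
const naive = sampleCallback.split('code=')[1]; // drags in "&state=...#/home", still encoded
const code = extractAuthorizationCode(sampleCallback, 'user-bound-123');
console.log({ naive, code });
```

Sending the `naive` value as `code` is the kind of mistake that produces `invalid_grant` even when the client ID, secret and redirect URI are all correct.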