I receive 403 when I POST a request to get the token.
Request payload:
{
"grant_type":"authorization_code",
"client_id":"xxx",
"client_secret":"XXXX",
"code":"XXXXXX",
"redirect_uri":"http://localhost:4200/"
}
responseType: 'text'
Hi Hosein,
I see that you are getting a 403 error when trying to get an OAuth token here. However, I'm not sure I understand which version of OAuth you are using here (1.0 or 2.0) or which kind of integration you are attempting to make.
The URL you are calling makes me think you're trying to follow https://developer.atlassian.com/cloud/jira/platform/oauth-2-authorization-code-grants-3lo-for-apps/ But if that's the case, then I'd want to better understand if you have first completed step #1:
1. Direct the user to the authorization URL to get an authorization code
As described in the Overview above, your app should start the authorization flow by directing the user to the authorization URL:
https://auth.atlassian.com/authorize?
  audience=api.atlassian.com&
  client_id=YOUR_CLIENT_ID&
  scope=REQUESTED_SCOPE_ONE%20REQUESTED_SCOPE_TWO&
  redirect_uri=https://YOUR_APP_CALLBACK_URL&
  state=YOUR_USER_BOUND_VALUE&
  response_type=code&
  prompt=consent
If the callback URL does not match exactly (including any trailing /) then this could explain the bad request error here. I can see in the 2nd call your redirect_uri is
http://localhost:4200/
But I don't know exactly what was entered in step #1 here.
Also, what headers are being included in this 2nd request? I don't see a clear problem with the payload, but sometimes if we don't specify the headers then it can be seen as a bad request.
The example on that page is using curl to make this request:
curl --request POST \
  --url 'https://auth.atlassian.com/oauth/token' \
  --header 'Content-Type: application/json' \
  --data '{"grant_type": "authorization_code","client_id": "YOUR_CLIENT_ID","client_secret": "YOUR_CLIENT_SECRET","code": "YOUR_AUTHORIZATION_CODE","redirect_uri": "https://YOUR_APP_CALLBACK_URL"}'
Try this and let me know the results.
If you're following a different guide here, please let me know which one.
Andy
Thank you @Andy Heinzer for the response.
I am using OAuth 2.0 and I direct the user to the login page and it comes back with code successfully. But in the second request when I send the POST request to get the token this error occurs.
This is the header for the second request:
{'Content-Type': 'application/json'}
And this is what I receive:
{"error":"invalid_grant","error_description":"Invalid authorization code"}
I also shared this question in StackOverflow:
Hi Ajay,
Yes, I noticed that the function that I call to extract the token was not working accurately.
I took it manually from the response URL and it worked!
Thank you,
Hosein
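Added example, not code from this thread or from Atlassian's documentation: the thread never shows the function that failed, so `naiveExtract` is a hypothetical illustration of how a hand-rolled parser can pass a wrong `code` to the token endpoint, shown next to a version that uses the URL API, checks `state`, and reuses the step-1 `redirect_uri` unchanged. All function names and sample values are constructed.

```javascript
'use strict';
// Added example; function names and sample values are constructed, not from the thread.
const TOKEN_URL = 'https://auth.atlassian.com/oauth/token';

// Hypothetical faulty extraction: keeps "&state=..." and skips percent-decoding.
function naiveExtract(callbackUrl) {
  return callbackUrl.split('code=')[1];
}

// Parse the callback URL with the URL API and validate it before using the code.
function extractAuthCode(callbackUrl, expectedState) {
  const params = new URL(callbackUrl).searchParams; // values are percent-decoded
  if (params.has('error')) {
    throw new Error(`authorization failed: ${params.get('error')}`);
  }
  if (!expectedState || params.get('state') !== expectedState) {
    throw new Error('state mismatch: callback does not belong to this session');
  }
  const codes = params.getAll('code');
  if (codes.length !== 1 || codes[0] === '') {
    throw new Error('expected exactly one non-empty code parameter');
  }
  return codes[0];
}

// Build the step-2 request from the step-1 URL so client_id and redirect_uri
// are the very same strings that were sent to /authorize.
function buildTokenRequest(authorizeUrl, callbackUrl, clientSecret) {
  const sent = new URL(authorizeUrl).searchParams;
  return {
    url: TOKEN_URL,
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({
      grant_type: 'authorization_code',
      client_id: sent.get('client_id'),
      client_secret: clientSecret,
      code: extractAuthCode(callbackUrl, sent.get('state')),
      redirect_uri: sent.get('redirect_uri'), // trailing "/" is preserved
    }),
  };
}

// Constructed sample values (not real credentials or codes).
const AUTHORIZE_URL = 'https://auth.atlassian.com/authorize?audience=api.atlassian.com' +
  '&client_id=CONSTRUCTED_CLIENT_ID&scope=REQUESTED_SCOPE_ONE' +
  '&redirect_uri=http%3A%2F%2Flocalhost%3A4200%2F&state=constructed-state-123' +
  '&response_type=code&prompt=consent';
const CALLBACK_URL =
  'http://localhost:4200/?code=constructed%2Bcode%2F123&state=constructed-state-123';

console.log(buildTokenRequest(AUTHORIZE_URL, CALLBACK_URL, 'CONSTRUCTED_SECRET'));
```

Under RFC 6749 an authorization code is short-lived and must not be used more than once, so each retry of the exchange needs a fresh code from step 1. The `client_secret` is passed in as a parameter here because the exchange belongs on a backend that can keep it private, not in code shipped to the browser.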
Can you please share with us the correct function? I'm facing the same problem and it took me so much time. I don't know where the problem is; the data I provided is valid.
Hi @Hosein Nourani, please share the solution; even I am facing the same problem. BTW, I am taking the code value manually from the URL and still it's not working.