Authorization code is invalid or expired error

SOLVED
Go to solution

When I try to convert my access code to an access token I'm getting the error:  Status 400.  Authorization code is invalid or expired  Error:  invalid_grant

 

I formerly had this working, but moved code to my local dev machine.  The steps I tried taking:

 

1)  Delete existing auth token/refresh token file

2) Called 

https://api.cc.email/v3/idfed?client_id=<redacted>&redirect_uri=https%3A%2F%2Flocalhost&response_type=code&scope=account_read+account_update+contact_data

3)  When this returned a page on my browser, I logged in.  I then took the auth code from the redirect url (?code=xxxxxxxxxxxxxx)

4)  I called the following code, setting the authCode to xxxxxxxxxxxxxx from the step above

String tokenFromAuthCodeUrl = "https://idfed.constantcontact.com/as/token.oauth2?code=" + authCode +
"&redirect_uri=https://localhost&grant_type=authorization_code";

HttpRequest httpRequest = null;
java.net.http.HttpResponse< String > response = null;
HttpClient httpClient = HttpClient.newBuilder().build();

httpRequest = HttpRequest.newBuilder()
.uri( URI.create( tokenFromAuthCodeUrl ) )
.header( "Authorization" , refreshTokenHeadersMap.get( "Authorization" ) )
.POST( HttpRequest.BodyPublishers.ofString( "" ) )
.build();

response = httpClient.send( httpRequest , java.net.http.HttpResponse.BodyHandlers.ofString() );

5)  The response returned is Status 400.  Authorization code is invalid or expired  Error:  invalid_grant

 

I'm not sure where to go from here.  Can anyone see a problem with what I'm doing?

 

1 ACCEPTED SOLUTION
raleighb3
Member

i will ask the obvious:   did you post your Request for Access/Refresh Token within the 60 second life of the Authorization Code?    Because:  "The authorization code has a 60 second lifetime."    If that is not the problem,  then can you post copy of your httpRequest so we see the details.

View solution in original post

2 REPLIES 2
raleighb3
Member

i will ask the obvious:   did you post your Request for Access/Refresh Token within the 60 second life of the Authorization Code?    Because:  "The authorization code has a 60 second lifetime."    If that is not the problem,  then can you post copy of your httpRequest so we see the details.

Not so obvious

Yes, that was the problem.  I wasn't aware of the short life of the Auth Code. 

 

Thanks!

Resources
Developer Portal

View API documentation, code samples, get your API key.

Visit Page

Announcements

API Updates

Join our list to be notified of new features and updates to our V3 API.

Sign Up