Got a 'How do I' question? Join 'Ask a Trainer' Monday to Friday, 11am to 4pm ET for instant help and pro tips!

Authorization code is invalid or expired error

SOLVED
Go to solution
FirstNameL86527
Campaign Expert
0 Votes

When I try to convert my access code to an access token I'm getting the error:  Status 400.  Authorization code is invalid or expired  Error:  invalid_grant

 

I formerly had this working, but moved code to my local dev machine.  The steps I tried taking:

 

1)  Delete existing auth token/refresh token file

2) Called 

https://api.cc.email/v3/idfed?client_id=<redacted>&redirect_uri=https%3A%2F%2Flocalhost&response_type=code&scope=account_read+account_update+contact_data

3)  When this returned a page on my browser, I logged in.  I then took the auth code from the redirect url (?code=xxxxxxxxxxxxxx)

4)  I called the following code, setting the authCode to xxxxxxxxxxxxxx from the step above

String tokenFromAuthCodeUrl = "https://idfed.constantcontact.com/as/token.oauth2?code=" + authCode +
"&redirect_uri=https://localhost&grant_type=authorization_code";

HttpRequest httpRequest = null;
java.net.http.HttpResponse< String > response = null;
HttpClient httpClient = HttpClient.newBuilder().build();

httpRequest = HttpRequest.newBuilder()
.uri( URI.create( tokenFromAuthCodeUrl ) )
.header( "Authorization" , refreshTokenHeadersMap.get( "Authorization" ) )
.POST( HttpRequest.BodyPublishers.ofString( "" ) )
.build();

response = httpClient.send( httpRequest , java.net.http.HttpResponse.BodyHandlers.ofString() );

5)  The response returned is Status 400.  Authorization code is invalid or expired  Error:  invalid_grant

 

I'm not sure where to go from here.  Can anyone see a problem with what I'm doing?

 

1 ACCEPTED SOLUTION
raleighb3
Marketing Legend

i will ask the obvious:   did you post your Request for Access/Refresh Token within the 60 second life of the Authorization Code?    Because:  "The authorization code has a 60 second lifetime."    If that is not the problem,  then can you post copy of your httpRequest so we see the details.

View solution in original post

4 REPLIES 4
raleighb3
Marketing Legend

i will ask the obvious:   did you post your Request for Access/Refresh Token within the 60 second life of the Authorization Code?    Because:  "The authorization code has a 60 second lifetime."    If that is not the problem,  then can you post copy of your httpRequest so we see the details.

FirstNameL86527
Campaign Expert
0 Votes

Not so obvious 🙂

Yes, that was the problem.  I wasn't aware of the short life of the Auth Code. 

 

Thanks!

user4557894
Rookie
0 Votes

In that case, do we need to generate the Auth code after every 60 seconds?

John__B
Employee
0 Votes

Hello user4557894,

 

Thank you for reaching out to Constant Contact API Developer Support. My team is here to assist outside software developers with questions about building into Constant Contact's API.

 

Our current authorization code has a lifespan of 5 minutes. You should only need to authorize your application/integration on an account once, as after this step has been completed, your application/integration can maintain account access by utilizing refresh tokens. Below I’m linking our current documentation for the Authorization Code OAuth2 flow, as well as overview documentation for all of our V3 API’s available authorization flows.

 

OAuth2 Overview:

https://developer.constantcontact.com/api_guide/auth_overview.html

 

OAuth2 Authorization Code Flow:

https://developer.constantcontact.com/api_guide/server_flow.html

 

Please have a look and let us know if you have any other questions!

 

Regards,


John B.
API Support Specialist
Did I answer your question? If so, please mark my post as an "Accepted Solution" by clicking the Accept as Solution button in the bottom right hand corner of this post.
Resources
Developer Portal

View API documentation, code samples, get your API key.

Visit Page

Announcements

API Updates

Join our list to be notified of new features and updates to our V3 API.

Sign Up