Solved: Authorization code is invalid or expired error - Constant Contact Community

FirstNameL86527 · ‎01-18-2021

When I try to convert my access code to an access token I'm getting the error: Status 400. Authorization code is invalid or expired Error: invalid_grant

I formerly had this working, but moved code to my local dev machine. The steps I tried taking:

1) Delete existing auth token/refresh token file

2) Called

https://api.cc.email/v3/idfed?client_id=<redacted>&redirect_uri=https%3A%2F%2Flocalhost&response_type=code&scope=account_read+account_update+contact_data

3) When this returned a page on my browser, I logged in. I then took the auth code from the redirect url (?code=xxxxxxxxxxxxxx)

4) I called the following code, setting the authCode to xxxxxxxxxxxxxx from the step above

String tokenFromAuthCodeUrl = "https://idfed.constantcontact.com/as/token.oauth2?code=" + authCode +
        "&redirect_uri=https://localhost&grant_type=authorization_code";

HttpRequest httpRequest = null;
java.net.http.HttpResponse< String > response = null;
HttpClient httpClient = HttpClient.newBuilder().build();

httpRequest = HttpRequest.newBuilder()
        .uri( URI.create( tokenFromAuthCodeUrl ) )
        .header( "Authorization" , refreshTokenHeadersMap.get( "Authorization" ) )
        .POST( HttpRequest.BodyPublishers.ofString( "" ) )
        .build();

response = httpClient.send( httpRequest , java.net.http.HttpResponse.BodyHandlers.ofString() );

5) The response returned is Status 400. Authorization code is invalid or expired Error: invalid_grant

I'm not sure where to go from here. Can anyone see a problem with what I'm doing?

raleighb3 · ‎01-22-2021

i will ask the obvious: did you post your Request for Access/Refresh Token within the 60 second life of the Authorization Code? Because: "The authorization code has a 60 second lifetime." If that is not the problem, then can you post copy of your httpRequest so we see the details.

View solution in original post

raleighb3 · ‎01-22-2021

i will ask the obvious: did you post your Request for Access/Refresh Token within the 60 second life of the Authorization Code? Because: "The authorization code has a 60 second lifetime." If that is not the problem, then can you post copy of your httpRequest so we see the details.

FirstNameL86527 · ‎01-22-2021

Not so obvious 🙂

Yes, that was the problem. I wasn't aware of the short life of the Auth Code.

Thanks!

user4557894 · ‎12-14-2023

In that case, do we need to generate the Auth code after every 60 seconds?

John__B · ‎01-11-2024

Hello user4557894,

Thank you for reaching out to Constant Contact API Developer Support. My team is here to assist outside software developers with questions about building into Constant Contact's API.

Our current authorization code has a lifespan of 5 minutes. You should only need to authorize your application/integration on an account once, as after this step has been completed, your application/integration can maintain account access by utilizing refresh tokens. Below I’m linking our current documentation for the Authorization Code OAuth2 flow, as well as overview documentation for all of our V3 API’s available authorization flows.

OAuth2 Overview:

https://developer.constantcontact.com/api_guide/auth_overview.html

OAuth2 Authorization Code Flow:

https://developer.constantcontact.com/api_guide/server_flow.html

Please have a look and let us know if you have any other questions!

Regards,

John B.
API Support Specialist
Did I answer your question? If so, please mark my post as an "Accepted Solution" by clicking the Accept as Solution button in the bottom right hand corner of this post.

Authorization code is invalid or expired error

Developer Portal