Vaionixx

Reputation: 400

Django OAuth Toolkit invalid_grant error

I have a bit of a problem: I have a Django application that is using Django OAuth Toolkit and I can't get the access token from the server when using the Authorization Code flow. Implicit flow works fine. I haven't found anything regarding my problem on Stack, so I'm really sorry if this is a duplicate of another question.

I can authorize with this URL and get the request to come back; if I understand it correctly, the request token is passed in the code param.

http://mydomain.se/o/authorize?scope=read+write&state=kalle&redirect_uri=mycallbakurls&response_type=code&client_id=myclientid

When I then try to do a POST to http://mydomain.se/o/token/ with:

grant_type = authorization_code
code = code from authorize call
client_id = my clientId
client_secret = my client secret
redirect_uri = my callback url 

I get "error" : "invalid_grant" back.

Can someone please point me in the right direction what the problem can be?

Best regards Markus

Upvotes: 7

Views: 7232

Answers (5)

Aakash

Reputation: 1

Verify the type of application you are using to send the request.

If you try to run the curl command in a terminal, this would work.

However, if you try to run it in Postman, you may get an "invalid_grant" error, as they need to send data in a different format.

You can try copying the curl command from the OAuth documentation and then importing it into Postman; it will be properly added, then try to run it.

It worked for me.

Upvotes: 0

oma0256

Reputation: 103

Check to verify that you set your details correctly. For instance in my case my client_id was wrong.

Upvotes: 0

Jess

Reputation: 429

This can happen if the code is expired. They expire pretty quickly by default. You can look up your code in the Django admin under Grants and change the expiration date to far in the future.

Upvotes: 20

anush0247

Reputation: 91

I faced the same problem when my client type was confidential rather than public in o/application. Here's how I solved it.

  1. Failed error message is {"error": "invalid_grant"}

curl -X POST -d "client_id=17U5rPQM1HDtF3hR8sIRP6pmzn033EbnwJJ6lNCx& client_secret=D6bSgR8qyIwDl5SyF4kJ0wBJq56NXMUY9LVjD6NZTxnAh4ylTD2YBJxDBaLahpabZMGowWpVTYn6UW8Yq1GB6nAwm7euXZZxXaCxQLKK2KDNrfz4JSavFCKekc1LOCQz&grant_type=authorization_code&code=EaBVzVEjqbsU0GKl5gXK7ArrfsSiTJ&redirect_uri=http%3A%2F%2Flocalhost%2Foauth_client%2F" http://localhost:8080/o/token/
{"error": "invalid_grant"}

  2. Then changed my client type to public and got Success.

curl -X POST -d "client_id=17U5rPQM1HDtF3hR8sIRP6pmzn033EbnwJJ6lNCx&client_secret=D6bSgR8qyIwDl5SyF4kJ0wBJq56NXMUY9LVjD6NZTxnAh4ylTD2YBJxDBaLahpabZMGowWpVTYn6UW8Yq1GB6nAwm7euXZZxXaCxQLKK2KDNrfz4JSavFCKekc1LOCQz&grant_type=authorization_code&code=1ZxQjLN4QbpjaWgbztnOIe3K4bgxKj&redirect_uri=http%3A%2F%2Flocalhost%2Foauth_client%2F" http://localhost:8080/o/token/
{"access_token": "KstIqSnt9Mj4ITmCGRJpTYW3W59nRv", "token_type": "Bearer", "expires_in": 36000, "refresh_token": "uJzJal9YSpirSax6vW2Di43ojRGvRV", "scope": "read write groups"}

  3. Again changed back to Confidential and sent my username and password in the curl request.

curl -X POST -d "client_id=17U5rPQM1HDtF3hR8sIRP6pmzn033EbnwJJ6lNCx&client_secret=D6bSgR8qyIwDl5SyF4kJ0wBJq56NXMUY9LVjD6NZTxnAh4ylTD2YBJxDBaLahpabZMGowWpVTYn6UW8Yq1GB6nAwm7euXZZxXaCxQLKK2KDNrfz4JSavFCKekc1LOCQz&grant_type=authorization_code&code=UJnq1xfKULOUD0m2Oxb26NYmnuxKMn&redirect_uri=http%3A%2F%2Flocalhost%2Foauth_client%2F" -u'admin:pass' http://localhost:8080/o/token/
{"access_token": "VhMgx59x4PHUPOgSTKMGewsM8JfT58", "token_type": "Bearer", "expires_in": 36000, "refresh_token": "T0BhP1lFvyiS9c5rH6xHqt4uBItAS1", "scope": "read write groups"}

Upvotes: 2
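
Added example, not written by any poster on this page and not django-oauth-toolkit's own code: it builds the authorization-code token request as a form-encoded POST like the curl commands above, with the client credentials in an HTTP Basic header as RFC 6749 describes for confidential clients, and checks two causes of invalid_grant that can be ruled out before sending (an expired code, and a redirect_uri that differs from the authorize call). The 60-second lifetime is assumed from the toolkit's AUTHORIZATION_CODE_EXPIRE_SECONDS default; the function names and sample values are constructed.

```python
import base64
import time
import urllib.parse
import urllib.request

# Assumption: django-oauth-toolkit's AUTHORIZATION_CODE_EXPIRE_SECONDS default.
CODE_LIFETIME_SECONDS = 60


def preflight(authorize_redirect_uri, token_redirect_uri, code_issued_at, now=None):
    """List invalid_grant causes that the client can rule out before POSTing."""
    now = time.time() if now is None else now
    problems = []
    if now - code_issued_at > CODE_LIFETIME_SECONDS:
        problems.append("code expired")
    # RFC 6749 4.1.3: redirect_uri must be identical to the authorize call's.
    if authorize_redirect_uri != token_redirect_uri:
        problems.append("redirect_uri mismatch")
    return problems


def build_token_request(token_url, code, redirect_uri, client_id, client_secret=None):
    """Build, without sending, the authorization_code token request."""
    form = {"grant_type": "authorization_code", "code": code,
            "redirect_uri": redirect_uri}
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    if client_secret is None:
        # Public client: identified by client_id in the form body only.
        form["client_id"] = client_id
    else:
        # Confidential client: client_id:client_secret as HTTP Basic credentials.
        pair = f"{client_id}:{client_secret}".encode()
        headers["Authorization"] = "Basic " + base64.b64encode(pair).decode()
    body = urllib.parse.urlencode(form).encode("ascii")
    return urllib.request.Request(token_url, data=body, headers=headers, method="POST")


if __name__ == "__main__":
    # Constructed sample values; nothing is sent over the network.
    cb = "http://localhost/oauth_client/"
    issued = time.time() - 5
    print(preflight(cb, cb, issued))
    req = build_token_request("http://localhost:8080/o/token/", "SAMPLE_CODE", cb,
                              "SAMPLE_CLIENT_ID", "SAMPLE_CLIENT_SECRET")
    print(req.get_method(), req.full_url)
    print(req.data.decode())
    # urllib.request.urlopen(req) would perform the exchange against a live server.
```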

Vaionixx

Reputation: 400

I found that I can't do the request separately. When I built my own client and tested, all worked fine for me.

Upvotes: 1
