Tim Creasman

Reputation: 137

Google Authorization Code Flow - Getting Access Token Returns "unauthorized_client"

I am having trouble exchanging a Google Authorization Code for the access and refresh tokens.

Using the nodejs googleapis client library, I am able to generate the Auth URL and successfully get an auth code by calling the URL. The problem arises when I attempt to exchange this auth code on my server.

I am making a POST call to 'https://www.googleapis.com/oauth2/v3/token' with the following params:

tokenData = {
    code: [code from client],
    client_id: [client ID used to get the auth code client-side],
    client_secret: [client secret associated with the ClientID],
    grant_type: 'authorization_code',
    redirect_uri: 'postmessage'
};

Upon making this call I simply get the message:

{error=unauthorized_client, error_description=Unauthorized} 

I have triple-checked that the ClientID the client uses to get the auth code matches the one on the server and that the client's URL has been added to the authorized JavaScript origin on the Google Console.

I have done extensive Googling to try and find a solution but there seems to be little documentation on what qualifies for an 'unauthorized_client' error. Any help is much appreciated.

Upvotes: 1

Views: 1762

Answers (1)

Tim Creasman

Reputation: 137

After much research I was able to find a solution to my problem.

As outlined in this document, specifically Part D:

The client requests an access token from the authorization server's token endpoint by including the authorization code received in the previous step. When making the request, the client authenticates with the authorization server. The client includes the redirection URI used to obtain the authorization code for verification.

The redirect_uri supplied in the call to get the auth code must match the redirect_uri that is sent up to exchange. Hopefully this helps someone.

Upvotes: 2
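
The redirect_uri binding described in the answer, as an added example that is not part of the original post and not Google's implementation: a small in-memory model of the token-endpoint checks from RFC 6749 section 4.1.3. The client ID, secret and URIs are constructed, and error codes follow RFC 6749 section 5.2, so the mismatch is reported here as invalid_grant rather than the unauthorized_client seen in the question.

```javascript
// Added example: in-memory model of an authorization server's code exchange.
// All identifiers and values below are constructed for illustration.
const { randomBytes, timingSafeEqual } = require('node:crypto');

const clients = new Map([['demo-client', { secret: 'demo-secret' }]]);
const pendingCodes = new Map(); // code -> { clientId, redirectUri, expiresAt }

function sameSecret(a, b) {
  const x = Buffer.from(String(a)), y = Buffer.from(String(b));
  return x.length === y.length && timingSafeEqual(x, y);
}

// Authorization step: the code is bound to the client and to the
// redirect_uri that was used to request it.
function issueCode(clientId, redirectUri, ttlMs = 60_000) {
  const code = randomBytes(16).toString('hex');
  pendingCodes.set(code, { clientId, redirectUri, expiresAt: Date.now() + ttlMs });
  return code;
}

// Token step: every value bound to the code must match the request.
function exchangeCode({ code, client_id, client_secret, redirect_uri, grant_type }) {
  if (grant_type !== 'authorization_code') return { error: 'unsupported_grant_type' };
  const client = clients.get(client_id);
  if (!client || !sameSecret(client.secret, client_secret)) return { error: 'invalid_client' };
  const grant = pendingCodes.get(code);
  pendingCodes.delete(code); // single use, even when the exchange fails
  if (!grant || grant.expiresAt < Date.now()) return { error: 'invalid_grant' };
  if (grant.clientId !== client_id) return { error: 'invalid_grant' };
  // Exact string comparison: 'postmessage' does not match a callback URL.
  if (grant.redirectUri !== redirect_uri) return { error: 'invalid_grant' };
  return { access_token: randomBytes(16).toString('hex'), token_type: 'Bearer' };
}

function demo() {
  const base = { client_id: 'demo-client', client_secret: 'demo-secret', grant_type: 'authorization_code' };
  const c1 = issueCode('demo-client', 'https://app.example/callback');
  const mismatch = exchangeCode({ ...base, code: c1, redirect_uri: 'postmessage' });
  const c2 = issueCode('demo-client', 'postmessage');
  const match = exchangeCode({ ...base, code: c2, redirect_uri: 'postmessage' });
  const replay = exchangeCode({ ...base, code: c2, redirect_uri: 'postmessage' });
  return { mismatch, match, replay };
}
console.log(demo());
```

The binding means a code obtained through one redirect URI cannot be redeemed by a request that names a different one, and the single-use delete means a replayed code is rejected as well.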
