Reputation: 795
I've found that I can authenticate via OAuth 2.0 when my redirect uri is "urn:ietf:wg:oauth:2.0:oob", BUT the user is forced to copy the code, then go back one activity and paste it into a field. I want the experience to be more elegant than that. When the redirect uri is "http://localhost", (even though an access code is returned) I'm unable to exchange it for an access token to the api. Here's my exchange code:
    ArrayList<NameValuePair> nameValuePairs = new ArrayList<NameValuePair>(0);
    nameValuePairs.add(new BasicNameValuePair("client_id",
            OAuth2ClientCredentialsMark1.CLIENT_ID));
    nameValuePairs.add(new BasicNameValuePair("client_secret",
            OAuth2ClientCredentialsMark1.CLIENT_SECRET));
    nameValuePairs.add(new BasicNameValuePair("code", accessCode));
    nameValuePairs.add(new BasicNameValuePair("grant_type",
            "authorization_code"));
    nameValuePairs.add(new BasicNameValuePair("redirect_uri",
            OAuth2ClientCredentialsMark1.REDIRECT_URI));
    // "http://localhost"
    String url = "https://accounts.google.com/o/oauth2/token";
    // url += URLEncodedUtils.format(nameValuePairs, "utf-8");
    Log.d("print", url);
    HttpPost hPost = new HttpPost(url);
    hPost.setHeader("content-type", "application/x-www-form-urlencoded");
    hPost.setEntity(new UrlEncodedFormEntity(nameValuePairs));
This code always returns {"error" : "invalid_grant"}. What gives?
My app is based off the sample @ https://github.com/ddewaele/LatitudeOAuth2Sample and I've been following the tutorial @ http://code.google.com/apis/accounts/docs/OAuth2InstalledApp.html
Upvotes: 4
Views: 10110
Reputation: 2409
As the following thread suggests, it might be a TIMING error. Ensuring your server is in sync with world time clock might just prevent that invalid_grant error altogether.
I had that problem on only one of my servers, and indeed, it was the only one with 40 seconds off the world clock (it was in the future). I used ntpdate to forcefully change the date, and installed the ntp service. It's a Linux box.
https://groups.google.com/forum/?fromgroups=#!topic/google-analytics-data-export-api/4uNaJtquxCs
Upvotes: 1
Reputation: 968
{
"access_token" : "ya29.AHES6ZTtm7SuokEB-RGtbBty9IIlNiP9-eNMMQKtXdMP3sfjL1Fc",
"token_type" : "Bearer",
"expires_in" : 3600,
"refresh_token" : "1/HKSmLFXzqP0leUihZp2xUt3-5wkU7Gmu2Os_eBnzw74"
}
You get the above the first time you try to get an access_token for your application. After one hour, when your access token expires, you can get a new access_token using the refresh_token. Here is the link for this: https://developers.google.com/youtube/2.0/developers_guide_protocol_oauth2#OAuth2_Refreshing_a_Token
Upvotes: 0
Reputation: 1650
It seems that your code is correct. The error comes from the OAuth2 spec, section 5.2:
The provided authorization grant (e.g. authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.
Most likely, your application has not been authorized yet by the user.
To answer your concern about:
the user is forced to copy the code, then go back one activity and paste it into a field
Can you clarify what kind of OAuth2 flow (scenario) you are developing?
Upvotes: 3
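The invalid_grant conditions quoted from section 5.2 in the answer above, modelled as an added example (not code from the question, the answers or Google's servers): a toy authorization server that binds each code to the client_id and redirect_uri of the authorization request and accepts it once. The class, the "app" client id and the 600-second lifetime are assumptions; client_secret checking is left out because a failure there is reported as invalid_client instead.

```python
import secrets
import time

CODE_LIFETIME = 600  # seconds; assumed value (RFC 6749 recommends at most 10 minutes)

class AuthServerModel:
    """Toy authorization server: only the code checks behind invalid_grant."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.codes = {}  # code -> (client_id, redirect_uri, issued_at)

    def authorize(self, client_id, redirect_uri):
        """Authorization request: the code is bound to client and redirect URI."""
        code = secrets.token_urlsafe(16)
        self.codes[code] = (client_id, redirect_uri, self.clock())
        return code

    def token(self, client_id, code, redirect_uri):
        """Token request: returns (json_body, reason); reason is for the reader only."""
        grant = self.codes.pop(code, None)  # single use: any attempt consumes the code
        if grant is None:
            return {"error": "invalid_grant"}, "unknown or already used code"
        bound_client, bound_uri, issued_at = grant
        if client_id != bound_client:
            return {"error": "invalid_grant"}, "code was issued to another client"
        if redirect_uri != bound_uri:  # exact string comparison
            return {"error": "invalid_grant"}, "redirect_uri differs from authorization request"
        if self.clock() - issued_at > CODE_LIFETIME:
            return {"error": "invalid_grant"}, "code expired"
        return {"access_token": secrets.token_urlsafe(24), "token_type": "Bearer",
                "expires_in": 3600}, "ok"

def demo():
    now = [1_000_000.0]  # constructed clock so expiry can be simulated
    srv = AuthServerModel(clock=lambda: now[0])
    oob, local = "urn:ietf:wg:oauth:2.0:oob", "http://localhost"
    results = [srv.token("app", srv.authorize("app", oob), local)[1]]  # URI mismatch
    code = srv.authorize("app", local)
    results.append(srv.token("app", code, local)[1])  # first exchange succeeds
    results.append(srv.token("app", code, local)[1])  # replay of the same code
    stale = srv.authorize("app", local)
    now[0] += CODE_LIFETIME + 1
    results.append(srv.token("app", stale, local)[1])  # exchanged too late
    return results

if __name__ == "__main__":
    for reason in demo():
        print(reason)
```

A real server returns only the error body, so a client debugging this has to compare its authorization request and token request itself.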