exchange() failing with The request has an invalid grant parameter: code

[ericblade]

I'm not sure if this is something that came up with 0.8.0 release, or if it's amazon side, or if something else entirely is wrong, but.. this started recently... when I do an exchange(), i always get invalid grant parameter: code

async function getSpApiForOAuth(spapiOauthCode) {
    if (!spapiOauthCode) {
        throw new Error('Please re-authorize with Amazon in Settings');
    }
    // given the oauthcode, create a grantless spapi instance to exchange for a reauth token
    const spapi = new SellingPartnerAPI({
        region: 'na',
        options: {
            only_grantless_operations: true,
        },
        credentials: {
            SELLING_PARTNER_APP_CLIENT_ID,
            SELLING_PARTNER_APP_CLIENT_SECRET,
            AWS_SECRET_ACCESS_KEY,
            AWS_ACCESS_KEY_ID,
            AWS_SELLING_PARTNER_ROLE,
        },
    });
    // exchange for re-auth
    const res = await (async function() {
        try {
            const x = await spapi.exchange(spapiOauthCode);
            console.warn('* spapi exchange returns', x);
            return x;
        } catch (e) {
            console.error('* oauth exchange failed', e);
            if (e.code === 'invalid_grant') {
                // throw an error the client can recognize uniquely that auth has failed/expired
                throw new Error('Please re-authorize with Amazon in Settings');
            }
            throw e;
        }
    }());
    // create a new spapi interface with the refresh token and hang onto it for future requests
    const actual = new SellingPartnerAPI({
        region: 'na',
        refresh_token: res.refresh_token,
        credentials: {
            SELLING_PARTNER_APP_CLIENT_ID,
            SELLING_PARTNER_APP_CLIENT_SECRET,
            AWS_SECRET_ACCESS_KEY,
            AWS_ACCESS_KEY_ID,
            AWS_SELLING_PARTNER_ROLE,
        },
    });
    spapiCache.set(res.refresh_token, actual);
    return actual;
}

am i doing something wrong here?

edited to add: the client is sent to authorize at sellercentral site, which then redirects to /login/?spapi_oauth_code=[whatever]&selling_partner_id=[whatever]

client then passes spapi_oauth_code to the above function... which gives me back

* oauth exchange failed CustomError: The request has an invalid grant parameter : code
    at SellingPartner.exchange (C:\src\finder\node_modules\amazon-sp-api\lib\SellingPartner.js:454:13)

and to be clear, this started happening sometime in the last few weeks, after i had put in some other unrelated work to the app, as well as a minor refactoring of the section that handled this client side. I made zero changes to the server side, and as far as I can tell the client is sending the correct thing to the server, and i'm pretty sure i'm sending the correct thing to exchange()

rolling back to 0.7 did not seem to have any net positive effect.

[amz-tools]

@ericblade One guess: Is you authorized app a hybrid SP/MWS app? As MWS is shut down now maybe this might be the issue?

[ericblade]

Yes, it is a hybrid, but MWS doesn't shutdown until April 2024 at the least.
Not sure what specifically that would have to do with it, either.

It was working until mid December at least, which is when I started doing some work on the app again (coincidentally, updating some things to use SPAPI), so I thought perhaps pulling in new versions of this lib might've caused it, but going backwards to priors didn't seem to get there.

I don't really have any ideas as to what might be going on. Or, for that matter, how to diagnose it any further :-S

[nicolasheady]

@ericblade I have the same issue...did you solve it?

[ericblade]

I do not have any further information at t his time @nicolasheady .. this is not my day job, so I haven't really had much time to poke at it. It is something that i need to get together, though, I'd like to be able to get this fixed so I can go public someday :D

If you happen to have any ideas/find anything out, I'd love to hear. I will also come back here and report back if I find anything that seems to get through it.

[ankush981]

Came here to say that this was happening to me as well. However, it happened when I was copying the query string from my production domain to localhost for local development and testing. As soon as decided to test on the production server, the problem went away! Hard to say if this indeed was the cause, and I'm too lazy to modify my local DNS to point to a non-"localhost" domain and then pass that as the redirect uri, so I'm happy for now! 😄