"The code passed is incorrect or expired"

[GeoffreyPlitt]

I keep getting this error, even after revoking my user tokens and clearing cookies.

The browser URL looks like "https://mywebsite/admin/auth?code=12346"

Seems like the error is caused by something else I'm doing wrong, since I'm not actually using an old code or anything.

How do I get to the bottom of this?

[GeoffreyPlitt]

@jaredhanson Any ideas?

[imujjwal96]

@GeoffreyPlitt Got a solution?

[GeoffreyPlitt]

No, but I had something wrong with my redirects. If you follow an example perfectly you shouldn't see this.

[mrdimidium]

Hello. I catch the same error in my app. Here is an example:

const Koa = require('koa');
const Router = require('koa-router');
const passport = require('koa-passport');
const { Strategy: GithubStrategy } = require('passport-github');

passport.use(new GithubStrategy(
  {
    clientID: 'client-id',
    clientSecret: 'client-secret-key',
    callbackURL: 'http://localhost:3000/auth/github/callback',
  },
  (accessToken, refreshToken, profile, done) => done(null, profile)
));

passport.serializeUser((user, done) => done(null, user));

passport.deserializeUser((user, done) => done(null, user));

const app = new Koa();

app.use(passport.initialize());

const router = new Router();

router.get('/', (ctx) => {
  ctx.body = 'This is root page ("/")';
});

router.get('/auth/github', passport.authenticate('github'));
router.get('/auth/github/callback', passport.authenticate('github', { successRedirect:'/', failureRedirect: '/' }));

//Middleware: authed
const authed = (ctx, next) => (ctx.isAuthenticated() ? (next()) : ctx.redirect('/auth/github'));

router.get('/app', authed, (ctx) => {
  ctx.body = 'Secured Zone';
});

app.use(router.routes());

app.listen(3000);

[Martii]

I somehow had a corrupt browser profile that caused this issue. Created a new one and it went away.

[bdfdm25]

@GeoffreyPlitt is it working? If yes, could you tell me what was wrong with your code? I'm having the same problem. Tks.

[htuzel]

@Martii @bdfdm25 Did you solve your problems?

[vishwa3]

I too am getting this error TokenError: The code passed is incorrect or expired.

[JoshInLisbon]

I am also getting this issue. I created a new github account to try out an app created there... but no luck. I am getting with:

client = Octokit::Client.new( client_id: ENV['GITHUB_CLIENT_ID'], client_secret: ENV['GITHUB_CLIENT_SECRET'] )

[JoshInLisbon]

I somehow had a corrupt browser profile that caused this issue. Created a new one and it went away.

What does this mean? How did you fix it?

[Martii]

@JoshInLisbon

What does this mean?

• Firefox
• Chrome

How did you fix it?

• https://www.google.com/search?q=how+to+create+a+new+chrome+browser+profile
• https://www.google.com/search?q=how+to+create+a+new+firefox+browser+profile

[wgcv]

I got this error when the callback code is expired (Go back in the navigator) http://localhost:3000/login/github/return?code=6970codefad3fake3ce2

[Parmeshwar-QA]

I am also experiencing this same problem. Anyone can solve it. Please reply.

error=bad_verification_code&error_description=The+code+passed+is+incorrect+or+expired.&error_uri=https%3A%2F%2Fdocs.github.com%2Fapps%2Fmanaging-oauth-apps%2Ftroubleshooting-oauth-app-access-token-request-errors%2F%23bad-verification-code

Acces Token

The_code_passed_is_incorrect or expired

[Jobians]

Solution: Make sure your callbackURL in

passport.use(new GithubStrategy(
  {
    clientID: 'client-id',
    clientSecret: 'client-secret-key',
    callbackURL: 'http://localhost:3000/auth/github/callback',
  },
  (accessToken, refreshToken, profile, done) => done(null, profile)
));

Is same thing with your Authorization callback URL in GitHub