search

soundcloud / api

A public repo for our Developer Community to engage about bugs and feature requests on our Public API
149 stars 24 forks source link

Fetching OAuth access token returns 400 "invalid_grant" #341

Open stevereinvented opened 1 week ago

stevereinvented commented 1 week ago

Title: Fetching OAuth access token returns 400 "invalid_grant"

Issue found of: October 16th, 2024

Endpoint(s):

POST secure.soundcloud.com/oauth/token

Scope(s):

Application uses authorization_code workflow for authentication

Steps to reproduce:

After authorizing via https://secure.soundcloud.com/authorize with params:

client_id=[redacted]
redirect_uri=[http:// URL]
response_type=code
code_challenge=[code challenge]
code_challenge_method=S256
state=[random]

…attempt to obtain an Access Token from https://secure.soundcloud.com/oauth/token with:

code=[code received from authorize]
client_id=[redacted]
client_secret=[redacted]
redirect_uri=[http:// URL]
grant_type='authorization_code'
code_verifier=[base 64 string used to create the code_challenge]

Expected behaviour:

The Access Token is returned as per https://developers.soundcloud.com/docs/api/guide#auth-code

Actual behaviour:

400 {"error":"invalid_grant"}

This had been working until last week (the issue was noticed on Oct 16), and there have been no changes on our our side.

If it's of any relevance, the redirect URL registered is http:// not https:// and that is what is passed, but the site is HTTPS now.

youssefhassan commented 1 week ago

Hey @stevereinvented, the redirect Uri is most probably the reason of this error, can you please share your username and app name so I can update the redirect uri for the application?

stevereinvented commented 5 days ago

Thanks for getting back so quickly, and sorry for the delay my side.

The username is freshnet and the app is "Fresh On The Net Moderator".