Open mgoodfellow opened 3 years ago
Hey @mgoodfellow, what's the grant type of the request (authorization_code, password, refresh_token...)? And is it the same as with other users?
Hi @anikarni this is using authorization_code
This is our core authentication code and it processes a significant number of logins daily. It's very strange, but we sometimes get sporadic failures as invalid_grant but normally a user retrying will work successfully.
This particular user above has never been able to log in successfully.
From our own investigation, one possible cause of this error is when the code has already been "used", and cannot be exchanged again. In this instance it might be a client side issue (on our site, not SoundCloud's) where we re-request the auth flow on our server and cause this re-use, in turn leading to a failure.
I have not been able to conclusively prove anything, but I just found this particular case interesting as they have never been able to log in through any of our portals (mobile or web).
From an API consumer perspective, it would be great to have some more error information as to the possible causes of this error. As a general question however, re-use causes it, but are there any other causes that can be defined to aid in our investigation?
Many thanks for the help!
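The code re-use scenario raised in the comment above, as an added example that is not part of the original thread and is not SoundCloud's or the reporter's code: a server-side guard that exchanges each authorization code only once and records duplicate callbacks for investigation. `FakeTokenEndpoint`, `CodeExchangeGuard` and the code value are hypothetical names and constructed data; the single-use behaviour of the endpoint is assumed from the comment's own hypothesis.

```python
import hashlib
import threading


class FakeTokenEndpoint:
    """Constructed stand-in for POST /oauth2/token; assumes codes are single-use."""

    def __init__(self, issued_codes):
        self._unused = set(issued_codes)
        self.calls = 0

    def exchange(self, code):
        self.calls += 1
        if code not in self._unused:
            return 401, {"error": "invalid_grant"}
        self._unused.remove(code)
        return 200, {"access_token": "constructed-token"}


class CodeExchangeGuard:
    """Exchange each authorization code at most once; replay the result to duplicates."""

    def __init__(self, endpoint):
        self._endpoint = endpoint
        self._lock = threading.Lock()
        self._results = {}    # sha256(code) -> (status, body); expire these in real use
        self.duplicates = []  # short fingerprints of codes that arrived more than once

    def handle_callback(self, code):
        # Key on a hash so the raw code never lands in the cache or in logs.
        key = hashlib.sha256(code.encode()).hexdigest()
        # The lock is held across the exchange so a concurrent duplicate callback
        # waits for the first result instead of spending the code a second time.
        with self._lock:
            if key in self._results:
                self.duplicates.append(key[:12])
                return self._results[key]
            result = self._endpoint.exchange(code)
            self._results[key] = result
            return result


def demo():
    """Same code delivered twice: once straight to the endpoint, once via the guard."""
    naive = FakeTokenEndpoint({"constructed-code-A"})
    unguarded = [naive.exchange("constructed-code-A")[0] for _ in range(2)]
    endpoint = FakeTokenEndpoint({"constructed-code-A"})
    guard = CodeExchangeGuard(endpoint)
    guarded = [guard.handle_callback("constructed-code-A")[0] for _ in range(2)]
    return unguarded, guarded, endpoint.calls, len(guard.duplicates)
```

A non-empty `duplicates` list for a failing user would support the re-use hypothesis; an empty one points to a different cause of `invalid_grant`.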
Title: Exchange code for token flow: 401 Unauthorized "invalid_grant"
Issue found of:
Endpoint(s):
POST /oauth2/token
Scope(s):
Steps to reproduce:
Sporadic, but affects certain users with us repeatedly. Is there any reason a certain user would be unable to use our login flow repeatedly?
Most recent example for us is userId 91742971 - this failure happens on all login attempts with us.
Expected behaviour:
AccessToken provided as per normal response for 99% of users logging in
Actual behaviour:
401 {"error": "invalid_grant"}