12-01-2021 14:42
Hello,
I am implementing oauth2 and getting a 400 bad request.
I have a Fitbit app registered with oauth 2.0 application type of server. The grant type is authorization_code. In the body of the request I am sending:
Error I am receiving:
\"errorType\":\"invalid_grant\",\"message\":\"Authorization code challenge missing. Visit https://dev.fitbit.com/docs/oauth2
12-02-2021 14:15
Hi @johnhaigh
It's not clear to me if you are calling the authorize or the oauth2 token endpoint. The authorize endpoint should send the code challenge and the code challenge method. See Authorize. The oauth2 token endpoint should send the code verifier. See OAuth2 Token. In your example, you are providing all 3, which is incorrect. Please double-check the syntax in your code.
Gordon
12-03-2021 06:25
Here is what I am doing specifically:
    const body = {
      grant_type: "authorization_code",
      code: token,
      client_id: clientID,
      code_verifier: code_verifier,
      code_challenge: code_challenge,
      code_challenge_method: 'S256',
      redirect_uri: callback,
    };
    const response = await Parse.Cloud.httpRequest({
      method: "POST",
      url: 'https://api.fitbit.com/oauth2/token',
      headers: {
        "Content-Type": "application/x-www-form-urlencoded",
        Authorization: `Basic ${auth}`,
        "Content-Length": data.length,
      },
      body: body,
    }).catch((e) => {
      throw e;
    });
12-03-2021 09:50
Thank you, @johnhaigh. When calling the /oauth2/token endpoint, you're only supposed to send the code verifier. See OAuth2 Token. The reason for the error is sending the parameters "code_challenge" and "code_challenge_method". Instead, those 2 parameters should be sent when using the Authorize endpoint.