4

I've found that I can authenticate via OAuth 2.0 when my redirect uri is "urn:ietf:wg:oauth:2.0:oob", BUT the user is forced to copy the code, then go back one activity and paste it into a field. I want the experience to be more elegant than that. When the redirect uri is "http://localhost", (even though an access code is returned) I'm unable to exchange it for an access token to the api. Here's my exchange code:

            ArrayList<NameValuePair> nameValuePairs = new ArrayList<NameValuePair>(
                    0);
            nameValuePairs.add(new BasicNameValuePair("client_id",
                    OAuth2ClientCredentialsMark1.CLIENT_ID));
            nameValuePairs.add(new BasicNameValuePair("client_secret",
                    OAuth2ClientCredentialsMark1.CLIENT_SECRET));
            nameValuePairs.add(new BasicNameValuePair("code", accessCode));
            nameValuePairs.add(new BasicNameValuePair("grant_type",
                    "authorization_code"));
            nameValuePairs.add(new BasicNameValuePair("redirect_uri",
                    OAuth2ClientCredentialsMark1.REDIRECT_URI));
                    //"http://localhost"

            String url = "https://accounts.google.com/o/oauth2/token";
            //url += URLEncodedUtils.format(nameValuePairs, "utf-8");

            Log.d("print", url);
            HttpPost hPost = new HttpPost(
                    url);
            hPost.setHeader("content-type", "application/x-www-form-urlencoded");

            hPost.setEntity(new UrlEncodedFormEntity(nameValuePairs));

This code always returns {"error" : "invalid_grant"} What gives?

My app is based of the sample @ https://github.com/ddewaele/LatitudeOAuth2Sample and I've been following the tutorial @ http://code.google.com/apis/accounts/docs/OAuth2InstalledApp.html

Improve this question
2
  • I have the same problem. Using Scala instead of Java but other than that it is the same. I use localhost:9000 as redirect URI. Commented Mar 7, 2012 at 16:23
  • I am facing the same issue for OAuth on Installed Apps. Have you resolved the issue? Please comment. Commented Feb 5, 2013 at 11:28

3 Answers 3

Reset to default
3

It seems that your code is correct. The error come from the OAuth2 spec section-5.2.

The provided authorization grant (e.g. authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.

Most likely, your application has not been authorized yet by the user.

To answer your concern about:

the user is forced to copy the code, then go back one activity and paste it into a field

Can you clarify what kind of oauth2 flow (scenario), are you developing?

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

As the following thread suggests, it might be a TIMING error. Ensuring your server is in sync with world time clock might just prevent that invalid_grant error altogether.

I had that problem on only one of my servers, and indeed, it was the only one with 40 seconds off the world clock (it was in the future). I used ntpdate to forcefully change the date, and installed the ntp service. It's a Linux box.

https://groups.google.com/forum/?fromgroups=#!topic/google-analytics-data-export-api/4uNaJtquxCs

Improve this answer

Comments

0 
{
  "access_token" : "ya29.AHES6ZTtm7SuokEB-RGtbBty9IIlNiP9-eNMMQKtXdMP3sfjL1Fc",
  "token_type" : "Bearer",
  "expires_in" : 3600,
  "refresh_token" : "1/HKSmLFXzqP0leUihZp2xUt3-5wkU7Gmu2Os_eBnzw74"
}

you get this above when you first time try to get access_token for your application. And after one hour when your access token expires you can get new access_token using the refresh_token....here is your link for this https://developers.google.com/youtube/2.0/developers_guide_protocol_oauth2#OAuth2_Refreshing_a_Token

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.