Unable to get access token, 'code' param invalid.

[Itsindigo]

I was hoping somebody might be able to help, I'm having issues getting an access token from the API. I've reviewed against #71 which feels like a similar issue, but no luck.

One potential issue I can think of is that I'm manually grabbing the code out of the URL from my auth redirect. Could the code be expiring in the 30s or so it takes me to grab it and add into my code?

data = json.dumps({
    'grant_type': 'authorization_code',
    'code': '[Code just returned from auth redirect]'
})

rsp = requests.post(
    url='https://www.bungie.net/Platform/App/GetAccessTokensFromCode/',
    headers={
        'X-API-KEY': settings.API_KEY
    },
    data=data,
)

output is:

(Pdb) rsp.json()
{'ErrorCode': 2106, 'ThrottleSeconds': 0, 'Message': 'Authorization code is invalid.', 'MessageData': {}, 'ErrorStatus': 'AuthorizationCodeInvalid'}

Thanks.

[floatingatoll]

grant_type isn't shown as a valid parameter to that endpoint at one [1] of Bungie's documentation pages for auth. Does removing it from the data structure solve the problem for you? [1] https://www.bungie.net/en/Help/Article/45481 Is the authorization code you extract from the URL the same number of bytes long as the API key? I suggest this only as a debugging test, not as a permanent check for code.

…

On Wed, Oct 18, 2017 at 12:04 PM, Matthew Bridges ***@***.***> wrote: I was hoping somebody might be able to help, I'm having issues getting an access token from the API. I've reviewed against #71 <#71> which feels like a similar issue, but no luck. One potential issue I can think of is that I'm manually grabbing the code out of the URL from my auth redirect. Could the code be expiring in the 30s or so it takes me to grab it and add into my code? `data = json.dumps({ 'grant_type': 'authorization_code', 'code': '[Code just returned from auth redirect]' }) rsp = requests.post( url='https://www.bungie.net/Platform/App/GetAccessTokensFromCode/', headers={ 'X-API-KEY': settings.API_KEY }, data=data, )` output is: (Pdb) rsp.json() {'ErrorCode': 2106, 'ThrottleSeconds': 0, 'Message': 'Authorization code is invalid.', 'MessageData': {}, 'ErrorStatus': 'AuthorizationCodeInvalid'} Thanks. — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#239>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AAFqDCWDGIUWZZ-qp8iQZbK5cyWlsgcFks5stkvYgaJpZM4P-NLK> .

[Itsindigo]

Thanks @floatingatoll, the response code is 32 chars long, which looks to be correct based on the response shown in the docs. As for the grant_type, it doesn't seem to make a difference to the response either way.

[Tetron-bng]

@Itsindigo The https://www.bungie.net/Platform/App/GetAccessTokensFromCode/ is strictly for the 'almost OAuth' mechanism we originally supported on Bungie.net. New implementations should be using Token Endpoint: https://www.bungie.net/platform/app/oauth/token/

More here:

https://www.bungie.net/en/Groups/Post?groupId=39966&postId=227773391&sort=0&page=0

I still have not updated the help article with the OAuth details. This is on my backlog still.

[dad2cl3]

@Itsindigo try this link https://github.com/Bungie-net/api/wiki/OAuth-Documentation

[Itsindigo]

Thanks folks, I'll give this another shot.