2

I am writing a Java client side application which needs to access the Google tasks API. I am following the instructions from the page https://developers.google.com/accounts/docs/OAuth2InstalledApp and I have managed to get an authorization code. However, when I try to get an access token I keep getting an error 400 "Bad request".

I was testing using the Poster add-on for Firefox. I send a post request to https://accounts.google.com/o/oauth2/token with content:

code=<the-code-i-got-in-step1>&
client_id=1097620474561-gusvm8cq428h86r7pcum285cuffssncj.apps.googleusercontent.com&
client_secret=,my-client-secret>&
redirect_uri=hurn:ietf:wg:oauth:2.0:oob&
grant_type=authorization_code

Any suggestions about what I might be doing wrong?

vzamanillo
  • 9,905
  • 1
  • 36
  • 56
Brian O'Donovan
  • 31
  • 1
  • 3
  • trace the actual http your app is sending. Then go to Oauth Playground and perform the equivalent steps there, noting the http requests. Compare the two. It might be as simple as URLencoding the parameters. – pinoyyid Jan 24 '14 at 19:00
  • I was able to complete in the OAUTH playground so at least I can see what a successful response would look like, but I still can't get my own client ID working. Unfortunately I am unable to trace the HTTP session with wireshark because it is using HTTPS. – Brian O'Donovan Jan 27 '14 at 21:57
  • In Oauth Playground, if you click the gear icon, you can input your own client credentials. Try that so you can eliminate if it's a coding problem or a setup problem. – pinoyyid Jan 28 '14 at 06:06

2 Answers2

1

I eventually figured it out. I was not explicitly specifying offline access was required when making the initial request for a code as described here invalid_grant trying to get oAuth token from google

Thanks to everyone who helped me with this question

Community
  • 1
  • 1
Brian O'Donovan
  • 31
  • 1
  • 3
0

If it's a 400 error (rather than 401 - both codes are mentioned in your question) then it's most likely the request is malformed, check generic HTTP stuff such as:

  1. Make sure it's a POST - and that you have the data as the body, not as a query string.
  2. Content-Length is set.
  3. Content-Type is set to application/x-www-form-urlencoded.
  4. Each form parameter is in fact urlencoded

I would suggest making use of the Google provided client libraries where possible, an example for an installed client side application can be found here: https://code.google.com/p/google-api-java-client/wiki/OAuth2#Installed_Applications

aeijdenberg
  • 2,427
  • 1
  • 16
  • 13
  • I am definitely doing a POST with the data in the body rather than as a query string. The content-type is set to application/x-www-form-urlencoded and the Content-Length is automatically set by the Poster add-on. – Brian O'Donovan Jan 25 '14 at 14:51
  • Yesyerday I was getting an error 401 (the reference to error 400 was a typo), but when I try again today I get error code 404 - not found. – Brian O'Donovan Jan 25 '14 at 14:52
  • I found out that I was not properly URL encoding one of my parameters. When I fixed this I still get an error, but it is different. I get HTTP code = 400 and an JSON error "Invalid Grant" – Brian O'Donovan Jan 30 '14 at 14:07
  • Per breno's comment above - please paste as much of the raw request as you can (strip the client secret and any access/refresh tokens) including all headers to help us debug. I notice above "hurn:" instead of "urn:" for the redirect_uri... – aeijdenberg Jan 30 '14 at 18:32