OAuth Get Token

i am currently implementing an oauth client using indico applications.
I was able to retrieve a code using the authorize url.
But now i am struggling to exchange this code to an access token.
For testing purposes i am using postman.
I am posting to the access token URL, with the correct grant_type and the code attached to the request.
Problem is that i am getting a 401 with an error saying invalid client.
Do i have to provide more parameters to request such as the client secret and if so how should the parameter look like.

Thanks in advance

It’s standard oauth - so simply following the spec (or using an oauth client library) would be the easiest option.

If you manually send requests please include what you send. 401 sounds like you are not authenticating the token request using client id and secret…

Yes thats the thing.

I am posting to accesstokenroute/?grant_type=authorization_code&code={code}.

I am not quite sure about the authorization header which i am sending.
Currently its “authorization”: “BASIC {client_secret}”

Am i missing something or is basic wrong in this place?

http -f post https://indico3.mydevserver/oauth/token 'grant_type=authorization_code' 'client_id=XXX' 'client_secret=YYY' 'redirect_uri=https://XYZ' 'code=ZZZ'

This is what I used during development. So everything is sent via POST fields - nothing in HTTP auth.

1 Like

Thank you. That worked. Had something messed up with redirect_uri