401 : Client authentication failed on token exchange


Joseph Szili

May 14, 2020, 3:38:40 AM
to 23andMe API
Hi, in working through the authentication portion of the API I have no problem obtaining the authorisation code, the problem occurs when trying to exchange the code for a token.

The process has left me scratching my head wondering what blindingly obvious thing have I missed?

I've tried posting per the instructions on the client, on the server, and subsequently using the Postman app to post to the following URI:

https://api.23andme.com/token/?redirect_uri=http://localhost:5000/receive_code/&client_id=redatcted&client_secret=redatcted&grant_type=authorization_code&code=redacted&scope=basic%20names%20email%20ancestry%20report:all%20rs3094315%20genomes%20phenotypes:read:all

ONLY the curl-based request works from my CLI, and that returns an access token. Note I do the curl last, as once the auth code is converted it's invalidated and can't be used again.

Any help or observations welcome.

Postman response
```json
{
    "error_description": "Client authentication failed.",
    "error": "invalid_client"
}
```


Client Side
```js
async function submitKY () {
  let {code} = parsed
  let authURL = `${baseURL}?redirect_uri=${redirectUri}&client_id=${clientId}&client_secret=${clientSecret}&grant_type=authorization_code&code=${code}&scope=${scope}`
  console.log(`KY2 authURL: ${authURL}`)
  try {
    let response =
      await ky.post(`${authURL}`, {
        mode: 'no-cors',
        Accept: '*/*',
        'Content-Type': 'application/x-www-form-urlencoded'
      })
    console.log(`\n >>> KY OK ${response}`)
  } catch (error) {
    console.log(`\n >>> KY error: ${error}`)
  }
}
```


Server Side
```js
return got.post(authURL, {
  headers: {
    'Accept': '*/*',
    'Content-Type': 'application/x-www-form-urlencoded'
  },
}).then(res => {
  console.log(`${JSON.stringify(res)}`)
  return JSON.stringify(res)
}).catch(err => {
  console.log(`${err}`)
  return `${err}`
})
```


Giwoo Lee

Apr 8, 2021, 3:49:00 AM
to 23andMe API
Hi,

Have you had any success solving this issue?
I'm getting a CORS error when I attempt to POST /token/

This is what my fetch looks like:
```js
    const response = await fetch(`${this.baseUri}/token`, {
      method: 'POST',
      mode: 'no-cors',
      body: JSON.stringify({
        client_id: this.clientId,
        client_secret: this.clientSecret,
        code,
        grant_type: 'authorization_code',
        redirect_url: this.redirectUri,
        scope: this.scope,
      }),
      headers: {
        'Content-Type': 'application/x-www-form-urlencoded',
      },
    });
```
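
A server-side token exchange shaped by RFC 6749, which puts the token request parameters in a form-encoded POST body and forbids client credentials in the request URI; this is an added example, not code from either poster or from 23andMe. It assumes the endpoint named in the thread follows the RFC on this point; `buildTokenRequest`, `exchangeCode` and the `cfg` fields are names introduced for illustration.

```javascript
// Added example, not from the thread. Endpoint and parameter names are copied
// from the posts above; the cfg values passed in are the caller's own.
const TOKEN_URL = 'https://api.23andme.com/token/';

// Build the token request per RFC 6749 sections 4.1.3 and 2.3.1: every
// parameter, including client_secret, is form-encoded into the POST body.
function buildTokenRequest(cfg, code) {
  const body = new URLSearchParams({
    grant_type: 'authorization_code',
    code,
    redirect_uri: cfg.redirectUri, // must match the value used at /authorize
    client_id: cfg.clientId,
    client_secret: cfg.clientSecret,
    scope: cfg.scope,
  });
  return {
    url: TOKEN_URL, // no query string: secrets in URLs end up in logs and history
    options: {
      method: 'POST',
      headers: {
        'Content-Type': 'application/x-www-form-urlencoded',
        Accept: 'application/json',
      },
      body: body.toString(),
    },
  };
}

// Run this on the server only, so client_secret never ships to a browser.
// fetchImpl is injectable so the function can be exercised without network
// access; it defaults to the global fetch (Node 18+).
async function exchangeCode(cfg, code, fetchImpl = fetch) {
  const { url, options } = buildTokenRequest(cfg, code);
  const res = await fetchImpl(url, options);
  const payload = await res.json();
  if (!res.ok) {
    // Surface the OAuth error code (e.g. invalid_client) without echoing the secret.
    throw new Error(`token exchange failed: ${res.status} ${payload.error}`);
  }
  return payload; // contains access_token on success
}
```

A browser `fetch` with `mode: 'no-cors'` returns an opaque response whose body cannot be read, which is a second reason to do the exchange on the server.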

Usman Asif

Jun 7, 2021, 8:10:23 AM
to 23andMe API
@giwo You should make a GET request, not a POST to the /authorize endpoint.