Getting 401 Unauthorized {"error": "invalid_grant"} on POST to token endpoint


toni....@bluecrossmn.com

May 31, 2018, 6:24:52 PM
to Developer Group for CMS Blue Button API

I feel like I'm missing something basic here. I found an older thread where someone was seeing 'unauthorized' when attempting to get a token, but the problem there was due to a mismatched redirect_uri, which is not the case here.


My curl command (replacing client secret with <client_secret>):


curl -X POST "https://sandbox.bluebutton.cms.gov/v1/o/token/" -u "Ta0SztVsxBa5HKP5JgkhnVdWrI8mafXfS1l1EdQS:<client_secret>" -d "code=heS4esuPZ8wmlOFUWBifIUVtswSm53&grant_type=authorization_code&redirect_uri=http://localhost:3000"


I get the same response whether I POST via curl, Postman, or through my app (axios):


401 Unauthorized

{
   "error": "invalid_grant"
}

The code is initially obtained using the same redirect_uri, which I verified is set correctly in the developer console.  This is the URL to get the code:



David Gage

Jun 1, 2018, 8:50:25 AM
to Developer Group for CMS Blue Button API
Hi,

Try including a "state" parameter in your initial authorization request.

Take care,
~David Gage

toni....@bluecrossmn.com

Jun 1, 2018, 10:07:43 AM
to Developer Group for CMS Blue Button API
Aha! I didn't need to pass state, but I uncovered my 2-fold problem:

1) After an attempt to exchange a code for a token (even if it fails) the code becomes invalid. I had been attempting via my app before trying in Postman/curl, so every Postman/curl would fail no matter what.

2) Parameter order matters.  I had the order correct in Postman/curl (code, grant_type, redirect_uri), BUT I had a different order in my app (grant_type, redirect_uri, code), which was unfortunately being called first and invalidating the code. <smh>
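
An added example (not part of the original thread, and not the Blue Button server's code): a toy Python model of a token endpoint that consumes an authorization code on the first exchange attempt, as described in point 1 above, and records server-side which check produced invalid_grant. The class name, the 60-second code lifetime, the client values and the redirect_uri mismatch used as the first failure are assumptions.

```python
import secrets

CODE_TTL = 60  # assumed code lifetime in seconds


class TokenEndpointModel:
    """Hypothetical in-memory model of an OAuth 2.0 token endpoint."""

    def __init__(self):
        self._codes = {}  # code -> (client_id, redirect_uri, issued_at)

    def issue_code(self, client_id, redirect_uri, now):
        code = secrets.token_urlsafe(16)
        self._codes[code] = (client_id, redirect_uri, now)
        return code

    def exchange(self, client_id, form, now):
        """Return (response_body, server_side_reason); the reason is only logged."""
        if form.get("grant_type") != "authorization_code":
            return {"error": "unsupported_grant_type"}, "grant_type not authorization_code"
        # pop() consumes the code on the first attempt, whether or not it succeeds
        grant = self._codes.pop(form.get("code"), None)
        if grant is None:
            reason = "code unknown or already presented"
        elif grant[0] != client_id:
            reason = "code issued to another client"
        elif grant[1] != form.get("redirect_uri"):
            reason = "redirect_uri differs from authorization request"
        elif now - grant[2] > CODE_TTL:
            reason = "code expired"
        else:
            return {"access_token": secrets.token_urlsafe(24), "token_type": "Bearer"}, "ok"
        return {"error": "invalid_grant"}, reason


def demo():
    """Replay the thread's sequence: the app fails first, then curl reuses the code."""
    server = TokenEndpointModel()
    cid, uri = "demo-client", "http://localhost:3000"  # constructed values
    ok = lambda code, r: {"grant_type": "authorization_code", "code": code, "redirect_uri": r}
    code = server.issue_code(cid, uri, now=0)
    first = server.exchange(cid, ok(code, uri + "/"), now=5)   # assumed app mistake
    second = server.exchange(cid, ok(code, uri), now=10)       # correct, but code is spent
    fresh = server.issue_code(cid, uri, now=20)
    third = server.exchange(cid, ok(fresh, uri), now=25)       # new code, redeemed once
    return first, second, third


if __name__ == "__main__":
    for body, reason in demo():
        print(body.get("error", "token issued"), "-", reason)
```

The client sees the same invalid_grant body for every failure, so the practical check is to request a fresh authorization code for each exchange attempt and make sure nothing else redeems it first.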

heerend...@gmail.com

Sep 12, 2018, 10:01:49 AM
to Developer Group for CMS Blue Button API
Hi,

I also face the same problem. I tried everything, but I am still facing the same issue (Status: 401 Unauthorized, Error: {"error": "invalid_grant"} on POST request to token endpoint).

I also included a "state" parameter in my initial authorization request; that also does not work. Kindly help me out.
Thanks in advance

Ma...@ekivemark.com

Sep 17, 2018, 5:20:28 PM
to Developer Group for CMS Blue Button API
Toni,

I don't know if this will help but I wrote a simple callback handler that would build curl statements.


This is a simple Python app, available here:

Regards

- Mark
Blue Button 2.0 Team

danusa....@gmail.com

Mar 19, 2019, 4:20:31 PM
to Developer Group for CMS Blue Button API
Hi Everyone! 

Did anybody figure out what was wrong in the POST request returning {"error": "invalid_grant"}?
I am having the same issue in my app and in Postman also.

I already checked the parameter order and passed the state to the authorization endpoint.
Any thoughts?

TIA,

Momin Shiraj

Mar 29, 2019, 9:28:37 AM
to Developer Group for CMS Blue Button API

Hi, try with the GET method.

I have hit your URL and got the response below.

danusa....@gmail.com

Mar 29, 2019, 5:34:59 PM
to Developer Group for CMS Blue Button API
Hi!
The GET method is not allowed for exchanging the code for a token.
I have no more ideas of what to do to get a token to access the demo patient data.
It always returns {"error": "invalid_grant"} using either my application or Postman.

Anyone else who can suggest anything else to try?

TIA,