Invalid grant error returned from oauth2 gem in Ruby


Myron Robertson

Mar 2, 2014, 3:30:28 AM
to deliverydo...@googlegroups.com
Hi, 

I'm currently developing a ruby gem called delivery_api to wrap the delivery api calls for a RoR application. I'm having trouble with the authentication step of my oauth process. I'm receiving the following error:

invalid_grant: The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client. Check the "code" parameter. 


I've double checked my redirect URLs inside of the sandbox dashboard to ensure they are correct.

My request is going to the following url:

Passing the following params through a POST request:
{
code: "token returned from /third_party/authorize",
client_id: "my-client-id",
client_secret: "my-client-secret",
grant_type: "authorization_code",
}

I've read online that the invalid_grant error is returned when my application has already been issued a valid access_token for a specific user login. If this is the case, then if my application was throwing routing errors, for example, it's possible that I never saw the access_token object get returned and I wasn't able to temporarily store the object.

Is there a way to manually expire these tokens from my sandbox dashboard? If not, can the ability to expire/remove them be added for sandbox accounts? I think this would help out other developers that run into this issue in the future. As of now I can continue working on other portions of the app, but I have to wait an hour for an issued access_token to expire while I'm working out the storage logic and procedures within the gem.

I wanted to make sure I am understanding this error correctly. It basically means get it right the first time or I'm screwed...

mkaminski

Mar 3, 2014, 4:50:47 PM
to deliverydo...@googlegroups.com
Hi Myron,

If the authorization code is expired, why not just make a request for another authorization code?

Michael Kaminski

Mar 3, 2014, 5:15:14 PM
to deliverydo...@googlegroups.com
It also appears that you are not passing a scope parameter, please pass scope:global with your request.



Michael Kaminski

Mar 3, 2014, 5:17:42 PM
to deliverydo...@googlegroups.com
Please ignore previous message



Myron Robertson

Mar 3, 2014, 7:21:36 PM
to deliverydo...@googlegroups.com
Hi Michael,

I was able to get the oauth client working correctly inside of IRB. I isolated the problems down to my sessions controller. Since I'm providing validation through the gem not the rails application itself, I think the problem was occurring somewhere in the rails routing process. 

I'm using this Railscast tutorial http://railscasts.com/episodes/353-oauth-with-doorkeeper as a good guide on getting the client side authorization of my application set up properly. The source code for this tutorial has been very helpful and is helping me see where I'm going wrong.

As far as the scope parameter goes, I did have that set to 'global' when I sent in my initial token request, but I'll double check to ensure it is passing inside of the request correctly. I'm using chrome://net-internals/#export for tracking all of the network requests.




mkaminski

Mar 4, 2014, 12:25:20 PM
to deliverydo...@googlegroups.com
All right Myron, thanks for the follow-up.



Myron Robertson

Mar 4, 2014, 1:50:23 PM
to deliverydo...@googlegroups.com
I got this issue fixed. The error was being caused by how I had the routing set up. I was using separate redirect URLs for /third-party/authorized and /third-party/access-token. The documentation for the oauth2 library I am using wasn't very clear about how to handle redirects for the login process, but when using separate redirect URLs it throws this error.
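
Added example, not part of the thread and not delivery.com's or the oauth2 gem's code: a toy in-memory model of the authorization-code checks in RFC 6749 section 4.1.3, showing why a token request whose redirect URI differs from the one used at the authorization step comes back as invalid_grant, and that a reused or expired code gives the same error. The class, the 60-second lifetime, the reason symbols and the app.example URLs are all assumptions made for the illustration.

```ruby
require "securerandom"
# Toy model of the authorization-code checks in RFC 6749 section 4.1.3.
# Constructed for illustration; not delivery.com's server or the oauth2 gem.
class ToyAuthServer
  CODE_TTL = 60 # seconds, assumed
  Grant = Struct.new(:client_id, :redirect_uri, :issued_at, :used)
  def initialize(clock:)
    @clock = clock
    @grants = {}
  end

  # Authorization step: bind the code to the client and the redirect URI.
  def authorize(client_id:, redirect_uri:)
    code = SecureRandom.hex(16)
    @grants[code] = Grant.new(client_id, redirect_uri, @clock.call, false)
    code
  end

  # Token step: returns [:ok, token] or [:invalid_grant, reason].
  def exchange(code:, client_id:, redirect_uri:)
    grant = @grants[code]
    return [:invalid_grant, :unknown_code] unless grant
    return [:invalid_grant, :code_reused] if grant.used
    grant.used = true # model's choice: any attempt consumes the code
    return [:invalid_grant, :expired] if @clock.call - grant.issued_at > CODE_TTL
    return [:invalid_grant, :wrong_client] unless grant.client_id == client_id
    return [:invalid_grant, :redirect_uri_mismatch] unless grant.redirect_uri == redirect_uri
    [:ok, SecureRandom.hex(32)]
  end
end

def demo
  now = 0.0
  server = ToyAuthServer.new(clock: -> { now })
  id = "my-client-id"
  cb = "https://app.example/third-party/authorized"       # constructed URLs
  other = "https://app.example/third-party/access-token"
  out = {}
  code = server.authorize(client_id: id, redirect_uri: cb)
  out[:mismatch] = server.exchange(code: code, client_id: id, redirect_uri: other)
  out[:retry] = server.exchange(code: code, client_id: id, redirect_uri: cb)
  code = server.authorize(client_id: id, redirect_uri: cb)
  out[:matching] = server.exchange(code: code, client_id: id, redirect_uri: cb).first
  code = server.authorize(client_id: id, redirect_uri: cb)
  now += 61 # let the third code age past CODE_TTL
  out[:late] = server.exchange(code: code, client_id: id, redirect_uri: cb)
  out
end

p demo if $PROGRAM_NAME == __FILE__
```

With the oauth2 gem, the equivalent rule is to pass the same `redirect_uri:` value to both `client.auth_code.authorize_url` and `client.auth_code.get_token`.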