why it says "Required parameter is missing: grant_type"

[John Li]

Before I get access_token from google,my url is:

https://accounts.google.com/o/oauth2/token?client_secret=fjdkfjkkfdjkfjkffjkdfj&grant_type=authorization_code&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Ftest%2Fredirect&code=4%2F8uQtImENQ475m1RtO_LnmiBMN13y&client_id=123456789.apps.com

 

However,when I post it to google,I get an error message:Required parameter is missing: grant_type

I don't understand why it would occur but my url has wraped the "grant_type" parameter.

 

does anybody can help me? Thanks in advance!

[John Li]

[John Li]

Hi guys,I have my problem as mentioned above.However,when I use curl command , it works. I am frustrated and don't know why !

Does the developer can give me some hints ?  Any suggestions is appreciated !

 

 

 

 

Best Regards!

 

John

[Andrew Wansley]

Hey John,

Can you share an example request that's failing for you, so we can help debug?

Andrew

[John Li]

Hey Andrew

     Thanks for your reply.Before I get an accesstoken,I wrap my parameters followed by the "Using OAuth 2.0 to Access Google APIs ". My url is : https://accounts.google.com/o/oauth2/token?client_secret=m8bpEHh%2FJB9T41%2BQkkO2zFPZ&grant_type=authorization_code&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Foauth2-demo%2Fredirect&code=4%2FuO68uwR0RV1KqS5zFscsoGGb7UTB&client_id=366115999459.apps.googleusercontent.com

 

But it always say "Required parameter is missing: grant_type" and I am frustrated. But I use curl command,it works fine.My curl command is:

curl https://accounts.google.com/o/oauth2/token -d "client_secret=m8bpEHh%2FJB9T41%2BQkkO2zFPZ&grant_type=authorization_code&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Foauth2-demo%2Fredirect&code=4%2FuO68uwR0RV1KqS5zFscsoGGb7UTB&client_id=366115999459.apps.googleusercontent.com"

 

my client code is based amber and I can get the authorization code successfully.

 

Expecting your convenient reply as early as possible,thanks a lot!

 

2011/4/11 Andrew Wansley <aw...@google.com>

[Andrew Wansley]

Hey John,

It looks like you're doing an HTTP GET to the token endpoint instead of an HTTP POST. Curl with the -d parameter does a POST, and I suspect that's why you're seeing this (rather confusing) error :)

Andrew

[John Li]

Hey Andrew,

    I debuged the flow,but it really use "POST" method and the code is as follow:

 

                if (!OAuthUtils.isEmpty(requestMethod)) {
                    httpURLConnection.setRequestMethod(requestMethod);    // requestMethod is  an parameter and is "POST" 
                    if (requestMethod.equals(OAuth.HttpMethod.POST)) {
                        httpURLConnection.setDoOutput(true);
                        OutputStream ost = httpURLConnection.getOutputStream();
                        PrintWriter pw = new PrintWriter(ost);
                        pw.print(request.getBody());
                        pw.flush();
                        pw.close();
                    }
                } else {
                    httpURLConnection.setRequestMethod(OAuth.HttpMethod.GET);
                }

I traced the process and it really stepped into if clause not the else section.

 

I am wonder if the code above has something wrong ?

Thank you very much!

2011/4/12 Andrew Wansley <aw...@google.com>

[Andrew Wansley]

Hey John,

Which library are you using here?

[John Li]

Hey Andrew,

    I used the amber code provided by svn. I tested in my local environment and it showed that it took POST method to request actually.Also,the flow works fine,but error message in google. I am totally confused.

Thank you!

[John Li]

Hey Andrew,

     could you give me some hints about how to catch the http request by java code as follow:

               if (!OAuthUtils.isEmpty(requestMethod)) {
                    httpURLConnection.setRequestMethod(requestMethod);    // requestMethod is  an parameter and is "POST" 
                    if (requestMethod.equals(OAuth.HttpMethod.POST)) {
                        httpURLConnection.setDoOutput(true);
                        OutputStream ost = httpURLConnection.getOutputStream();
                        PrintWriter pw = new PrintWriter(ost);
                        pw.print(request.getBody());
                        pw.flush();
                        pw.close();
                    }
                } else {
                    httpURLConnection.setRequestMethod(OAuth.HttpMethod.GET);
                }

I tryed some http analyzer software,but they seem to catch those request by browser.

 

Thanks for your time. Best Regards!

 

[Johannes Kristinsson]

I get the same behavior. I'm creating the request in JavaScript using
the xmlhttprequest object.

Using FireBug in Firefox I get the console error
"POST https://accounts.google.com/o/oauth2/token 400 Required
parameter is missing: grant_type"

When I inspect the error message in Firebug, it says that the "Post"
is:
grant_type=authorization_code&client_id=...&client_secret=...&code=...&redirect_uri=urn:ietf:wg:oauth:
2.0:oob

Thus, I am fairly sure that
a) I am making a POST request
b) I am including the grant_type header


Simplified code: (javascript)
var req = new XMLHttpRequest();
var tokenUrl = "https://accounts.google.com/o/oauth2/
token";
var clientId = "..."; // From the Google API Console
var clientSecret = "..."; // From the Google API Console
var authorizationCode = "..."; // Received from the client access
token web-page
var body = "";
body += "grant_type=authorization_code&";
body += "client_id="+clientId+"&";
body += "client_secret="+clientSecret+"&";
body += "code="+authorizationCode+"&";
body += "redirect_uri=urn:ietf:wg:oauth:2.0:oob";
req.onReadyStateChange = onTokenReceivedFunction;
req.open("POST", tokenUrl, true);
req.send(body);


The request headers:
Host accounts.google.com
User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:2.0)
Gecko/20100101 Firefox/4.0
Accept text/html,application/xhtml+xml,application/
xml;q=0.9,*/*;q=0.8
Accept-Language en-us,en;q=0.5
Accept-Encoding gzip, deflate
Accept-Charset ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive 115
Connection keep-alive
Content-Length 193
Content-Type text/plain; charset=UTF-8
Origin null

The response headers:
Cache-Control no-cache, no-store, max-age=0, must-
revalidate
Pragma no-cache
Expires Fri, 01 Jan 1990 00:00:00 GMT
Date Tue, 26 Apr 2011 02:32:33 GMT
Content-Type text/html; charset=UTF-8
Content-Encoding gzip
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-XSS-Protection 1; mode=block
Content-Length 150
Server GSE

[Andrew Wansley]

Hey Johannes,

If your app is in-browser JS, take a look at the client-side flow of OAuth 2.0—it'll be much simpler and more secure for you users.

For other folks running into the error, this typically means you've included your parameters in the query string of the URL rather than in the POST body. Using the body instead of the query string should fix the issue.

Andrew

[Johannes Kristinsson]

The web-application is not hosted on a public web-server (the html file is opened directly in the browser). The "redirect-url" (which needs to be registered with the API Console in advance) needs to be an internet URI - only defining a filename would not work.
Hence, even though running in a web browser, the application is falling under the classification "native app" or "installed application" and needs to use the native applications flow.

//Johannes

[David]

I realize this is an old post, but it is the first response when googling, so I thought I'd provide the solution I found.

Ensure you are making a POST request. Ensure that in your header: 'Content-Type' is set to :'application/x-www-form-urlencoded'