cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2516
Views
10
Helpful
5
Replies

Invalid grant, when getting access token

Janos Benyovszki
Cisco Employee
Cisco Employee

Issue:

I'm attempting to retrieve an access token for the Webex API in a java application but each time I do, I receive an error stating "(invalid_grant) The provided access grant is invalid, expired, or revoked". However, I believe this to not be correct because when I follow the exact same steps using postman instead of the java app, it works just fine and I receive the access token, refresh tokens etc. Note, I'm retrieving a brand new Authorization code each time I try with the java app so I know that the code isn't being reused. 

Any suggestions or ideas as to why this isn't working?

5 Replies 5

keyle
Level 1
Level 1

q

Janos Benyovszki
Cisco Employee
Cisco Employee

This error usually means that one or more of the parameters used has an incorrect or invalid value. Most likely it's either the code or client_secret that's invalid. You could check if you are using the latest created client secret for example. One way to make sure, is to just recreate it in your integration app on https://developer.webex.com/my-apps/ (choose your app here then) and then add it as a value to this request.

Hi Janos, thanks for the reply. 
Unfortunately that doesn't seem to be the issue. Just now, these are the steps I took:
1. I reset the client secret as you suggested.
2. Using the new client secret and a new auth code, I attempted to get access token using postman which worked.
3. I then update the client secret in the java app, obtained a new auth code, and attempted to get access token and received the same error.

dstaudt
Cisco Employee
Cisco Employee

As this is all just HTTP, there shouldn't be any Java-specific reason for it not to work.  If you can obtain access to the raw HTTP output by the Java app (e.g. via logging from your HTTP framework) and compare with Postman's, that should give a good clue.
If you can provide a small Java app/snippet that reproduces the problem, perhaps we can spot something - e.g. missing/wrong 'Accept'/'Content-Type' headers, invalid JSON, invalid URL parameters, etc.

Apologies, the issue ended up being that the OAuth code was being trimmed 4 characters from the UI to the back-end where the request was being made. Appreciate your help!