Auth0 Home Blog Docs

401 Unauthorized on code exchange

Hi, I’m trying to get Access Token in a mobile app. I’m starting authorization with the following URL:

https://xxx.auth0.com/authorize?client_id=cqd***&audience=https%3A%2F%2Fxxx.auth0.com%2Fuserinfo&scope=openid+email+offline_access&clientId=cqd***&responseType=code&redirectUri=io.actingweb.firstapp%3A%2F%2Fxxx.auth0.com%2Fandroid%2Fio.actingweb.firstapp%2Fcallback&verifier=9Gu***&code_challenge_method=S256&state=sJw***&code_challenge=EH8***&redirect_uri=io.actingweb.firstapp%3A%2F%2Fxxx.auth0.com%2Fandroid%2Fio.actingweb.firstapp%2Fcallback&response_type=code&auth0Client=eyJ***

I’m getting code successfully with the following redirect URL:

io.actingweb.firstapp://xxx.auth0.com/android/io.actingweb.firstapp/callback?code=7zK***&state=sJw***

Next, I’m making the following request to the /oauth/token endpoint:

"code" -> "7zK***"
"verifier" -> "9Gu***"
"redirectUri" -> "io.actingweb.firstapp://xxx.auth0.com/android/io.actingweb.firstapp/callback"
"code_verifier" -> "9Gu***"
"redirect_uri" -> "io.actingweb.firstapp://xxx.auth0.com/android/io.actingweb.firstapp/callback"
"client_id" -> "cqd***"
"grant_type" -> "authorization_code"

But this returns 401 Unauthorized with the following data:

"error" -> "access_denied"
"error_description" -> "Unauthorized"

In the account log I see the Login Successful message and then the following message:

Occurred: 5 minutes ago at 2019-10-30 06:05:10.048 UTC
Type: Failed Exchange
Description: Unauthorized
Connection: N/A
Application: cqd***
User: N/A

{
  "date": "2019-10-30T06:05:10.048Z",
  "type": "feacft",
  "description": "Unauthorized",
  "connection_id": "",
  "client_id": "cqd***",
  "client_name": null,
  "ip": "126.66.*.*",
  "user_agent": "Other 0.0.0 / Other 0.0.0",
  "details": {
    "code": "*************m5_",
    "device_id": "v0:3aa62***"
  },
  "hostname": "xxx.auth0.com",
  "user_id": "",
  "user_name": "",
  "log_id": "90020191030060513413000651782668189863305027537137041522",
  "_id": "90020191030060513413000651782668189863305027537137041522",
  "isMobile": false
}

What’s the problem here? I can’t see any meaningful description of the reason of failure.

The issue was that my application type in the Dashboard was not set up as Native. It would be nice to have a meaningful error message in the account logs for this case.

1 Like

Thanks a lot for providing that feedback! I’ll make sure to relay it to appropriate engineering team of ours!