[Authorization Flow] Code -> Token 401 Error!

I am building an application using expo/react-native that has an authentication component to it using the authorization flow. Basically, so far I have successfully obtained an authorization code via the ‘authorize’ endpoint but I am having trouble retrieving an access token with said code. Let me show you my POST request:

   try {
        const settings = {
            method: 'POST',
            headers: {'content-type': 'application/x-www-form-urlencoded'},
            form: {
                grant_type: 'authorization_code',
                client_id: CLIENT_ID,
                client_secret: CLIENT_SECRET,
                code: code,
                redirect_uri: url
            }
        }
        let response = await fetch('https://spikeedev.auth0.com/oauth/token', settings);
        let responseJson = await response.json();
        return responseJson;
    } catch (error) {
        console.error(error);
    }

Response:

{
“error”: “access_denied”,
“error_description”: “Unauthorized”
}

Here are a few notes:

  • Yes, CLIENT_ID and CLIENT_SECRET are just placeholders here (that isn’t the issue)
  • ‘url’ is a variable holding the same callback url I used when I got the code. It is the custom callback url that expo generates for my application using ‘AuthSession’
  • I have also tried making this request using the ‘Postman’ application to see if there was any difference…but I got the same response.

I have checked…double checked…triple checked… HELP!

From your tenant logs, I see the error “Invalid redirect_uri. Expected type ‘string’ but found type undefined”. Can you make sure that the url is being correctly sent in the request? Maybe try hardcoding it in the form.redirect_uri as a test to see if it is actually being sent in the POST.

That error occurred when I set up my request incorrectly in Postman earlier. Now I am getting an access denied error- one I expected to appear if I forgot to provide the client id/secret etc. For some reason, this access denied error isn’t showing my logs.

Okay I just got it working, feel free to disregard.

I used the Postman Auth0 API collection found here.
Thanks for the help!