Cannot generate valid code

Hi All

I have downloaded the Node quick start and configured it as per the instructions:

I can login and I see the call back with the code:

     GET /callback?code=c_GHCgzLNx5Ql5wB&state=Rs8DfjZAZqk8oNoGd99FRL

I take the code = c_GHCgzLNx5Ql5w and I input this into the test script to generate a JWT:

curl --request POST
–url ‘https://xxxxxxxx/oauth/token
–header ‘content-type: application/x-www-form-urlencoded’
–data grant_type=authorization_code
–data ‘client_id=xxxxxxx’
–data client_secret=xxxxxxxx
–data code=c_GHCgzLNx5Ql5wB \
–data ‘redirect_uri=http://localhost:3000/callback’

The result is:

{“error”:“invalid_grant”,“error_description”:“Invalid authorization code”}

I am bagging my head against the wall. Why is this ? Help…

Thank you

Hey @fabltd! Welcome to the Auth0 Community.

A couple tips to ensure that you are sending the correct parameters, as I don’t have a full insight into your authentication flow:

  1. Ensure that you use the same client for the browser flow and the server (cURL) flow
  2. Make sure that you use the code quickly. Codes have an expiration time, so if you do an authentication, go for lunch, and then come back, it’s most likely going to be expired
  3. Authorization codes are only valid once. If the Quickstart is already doing a code exchange (it most likely is), you will not be able to reuse this code. You can know if the Quickstart already exchanges the code if it’s showing you the user profile for the user that authenticated - it’s not possible to get that just from a code :slight_smile:

Hopefully this helps - let me know if any of these ended up being the issue!

1 Like