I keep getting bad verification code when requesting github access token Asked today Modified today Viewed 9 times

I am using auth0-vue for user authentication. I have added the github login connection in my auth0 console, selected the permission to view the user repo. I have also created the github auth0 application in my developer settings and the login/permession process in my frontend work as expected. Then when the code and state is returned after the user logs in I am sending the code to my back end server to make the following request for the github access token:

def get_github_token(code: str, state: str = None):
    conn = http.client.HTTPSConnection("github.com")

    payload = ""

    conn.request("POST", f"/login/oauth/access_token?code={code}&client_id={my_github_client_id}&client_secret={my_github_client_secret}", payload)

    res = conn.getresponse()
    data = res.read()

    print(data.decode("utf-8"))

    return None

But I keep getting:

error=bad_verification_code&error_description=The+code+passed+is+incorrect+or+expired.&error_uri=https%3A%2F%2Fdocs.github.com%2Fapps%2Fmanaging-oauth-apps%2Ftroubleshooting-oauth-app-access-token-request-errors%2F%23bad-verification-code

I have double and triple checked the github client id and secret I am using and they are correct, Where am I going wrong?

Hi @TadewosBell,

Welcome to the Auth0 Community!

The code is single use and can’t be used to get a second token in your backend. In your backend, you want to get the IDP (GitHub) token directly from the management API.

You can do that following this guide:

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.