Open
Description
Title: Fetching OAuth access token returns 400 "invalid_grant"
Issue found of: October 16th, 2024
Endpoint(s):
POST secure.soundcloud.com/oauth/token
Scope(s):
Application uses authorization_code workflow for authentication
Steps to reproduce:
After authorizing via https://secure.soundcloud.com/authorize with params:
client_id=[redacted]
redirect_uri=[http:// URL]
response_type=code
code_challenge=[code challenge]
code_challenge_method=S256
state=[random]
…attempt to obtain an Access Token from https://secure.soundcloud.com/oauth/token with:
code=[code received from authorize]
client_id=[redacted]
client_secret=[redacted]
redirect_uri=[http:// URL]
grant_type='authorization_code'
code_verifier=[base 64 string used to create the code_challenge]
Expected behaviour:
The Access Token is returned as per https://developers.soundcloud.com/docs/api/guide#auth-code
Actual behaviour:
400 {"error":"invalid_grant"}
This had been working until last week (the issue was noticed on Oct 16), and there have been no changes on our our side.
If it's of any relevance, the redirect URL registered is http:// not https:// and that is what is passed, but the site is HTTPS now.