JS Fetch API - Invalid Grant

Authentication
1

Hi,

I’m tearing my hair out here!

Authentication Request goes through fine, but the Access Token Request keeps returning “Invalid Grant”. Unfortunetly the API documentation is not the most helpful!

Can you see where I’m going wrong?

const tokenURL = 'https://api.freeagent.com/v2/token_endpoint'
const urlParams = new URLSearchParams(document.location.search)
const accessCode = urlParams.get('code')
const redirectURI = 'http%3A%2F%2F127.0.0.1%3A3000%2FBrowser%2Fapp.html'
const client_id = 'foo'
const client_secret = 'bar'


function returnToken() {
  fetch (tokenURL, {
    method: 'POST',
    headers: {
      'Content-Type': 'application/json'
    },
    body: JSON.stringify({
      grant_type: 'authorization_code',
      code: accessCode,
      redirect_uri: redirectURI,
      client_id: client_id,
      client_secret: client_secret
    })
  })
  .then(res => res.json())
  .then(json => console.log('Success:', json))
  .catch((error) => {
    console.error('Error:', error);
  });
}

Any help would be much appreciated!

Thank you :slight_smile:

2

Hi Rob,
Could you post the snippet of how you’re creating the authorize url too?
It might be the redirectURI parameter being encoded twice, I’m not sure if the fetch api will url-encode everything that goes through it by default but could be something to check. Have you also added that redirect URI into your app in DevDashboard?
Thanks,
Ollie

3

Hey Ollie,

The Authorise Request is kicked off by a very simple HTML link:

<a href="https://api.freeagent.com/v2/approve_app?redirect_uri=http%3A%2F%2F127.0.0.1%3A3000%2FBrowser%2Fapp.html&response_type=code&client_id=HbZ7nwmkwv9kiyYKJsA5pw">Login</a>

Yes, the URI has been added to the Dev Dashboard.

4

Hi Rob,
I had a try with your code locally, it seems to behave if you use the actual redirect URI, rather than an encoded one. Could you give that a go and see if it works?
Thanks,
Ollie

1 Like
5

Thanks Ollie,

All sorted. It was the redirect URI. Root cause was an issue with the environment.

Just tested it in a different environment and all working now.

Kudos!

1 Like