blindkoala
(Tyler Burton)
December 14, 2017, 6:55pm
1
In the 5.4 version of the Postman Chrome app, I am able to successfully request an OAuth2 token from Bungie.net with the provided Auth URL, ClientId, and ClientSecret.
With the desktop app, this same flow fails with the error:
error:"invalid_grant"
error_description:āAuthorizationCodeInvalidā
No other error information is provided.
abhinav
(Abhinav)
December 14, 2017, 10:02pm
2
The Postman desktop app is now at 5.5. Can you try upgrading and see if the issue persists for you?
blindkoala
(Tyler Burton)
December 14, 2017, 10:30pm
3
Just tried that this morning. Same error.
Any idea what would generate that combination of error & error_description?
Thanks.
shamasis
(Shamasis Bhattacharya)
December 17, 2017, 8:39pm
4
What grant type are you using? Iāve not used bungie before, so cannot say what exactly is going wrong. Each auth provider has its own quirks.
@harryi3t @kamalaknn - thoughts?
blindkoala
(Tyler Burton)
December 18, 2017, 6:37pm
5
Iām using āAuthorization Codeā. This is the same grant type that Iāve been using successfully on the Chrome app. Thanks for asking. Iām completely in the dark on how to fix this.
shamasis
(Shamasis Bhattacharya)
December 18, 2017, 8:50pm
6
Ok, so youāre saying it works on Chrome App but not in the newly revamped auth of native app (I guess v5.4 and above). Let me dig deeper or point it to the more enlighten ones.
harryi3t
(harryi3t)
December 19, 2017, 8:59am
8
@blindkoala
I was able to reproduce the issue.
I have created an internal ticket for it and am working on a fix.
Hereās the explanation of why this happened.
This bug is limited to Bungie.net (or any other server which includes intermediate redirections containing ācodeā query parameter)
These are the redirections which happen behind the scene
https://www.bungie.net/en/OAuth/Authorize
\/
https://auth.api.sonyentertainmentnetwork.com/2.0/oauth/authorize
\/
https://www.bungie.net/en/User/SignIn/Psnid?code=INTERMEDIATE_CODE
\/
https://app.getpostman.com/oauth2/callback?code=ACTUAL_CODE
Since the param ācodeā was found in the 3rd step, we use it to make the call to get access_token
.
Since that code was not ACTUAL_CODE
, it fails.
blindkoala
(Tyler Burton)
December 19, 2017, 7:53pm
9
Good to know. Hopefully I helped you root out a bug thatās not just present on Bungie.net . Nice work!
1 Like