Title: Problem getting token with authorization_code grant type
Last modified: June 21, 2017

---

# Problem getting token with authorization_code grant type

 *  [therealgilles](https://wordpress.org/support/users/chamois_blanc/)
 * (@chamois_blanc)
 * [8 years, 11 months ago](https://wordpress.org/support/topic/problem-getting-token-with-authorization_code-grant-type/)
 * I am manually submitting a POST request for a token with POSTMAN and getting 
   the following error:
 *     ```
       {
         "error": "redirect_uri_mismatch",
         "error_description": "The redirect URI is missing or do not match",
         "error_uri": "http://tools.ietf.org/html/rfc6749#section-4.1.3"
       }
       ```
   
 * I do not understand why the code is checking for redirect_uri when I am clearly
   posting to /oauth/token. I see the code doing that in validateRequest inside 
   AuthorizationCode.php, and it seems wrong.
 * Could the plugin author tell me what I may be doing wrong? Thank you

Viewing 14 replies - 1 through 14 (of 14 total)

 *  Thread Starter [therealgilles](https://wordpress.org/support/users/chamois_blanc/)
 * (@chamois_blanc)
 * [8 years, 11 months ago](https://wordpress.org/support/topic/problem-getting-token-with-authorization_code-grant-type/#post-9247913)
 * Okay, read the oauth2 doc, and apparently redirect_uri must be added to the token
   request. It would be great if the plugin author could update the knowledge base
   article here with this info:
 * [https://wp-oauth.com/kb/using-authorization-code/](https://wp-oauth.com/kb/using-authorization-code/)
 * Thank you
 *  Plugin Author [Justin Greer](https://wordpress.org/support/users/justingreerbbi/)
 * (@justingreerbbi)
 * [8 years, 11 months ago](https://wordpress.org/support/topic/problem-getting-token-with-authorization_code-grant-type/#post-9248008)
 * Hi [@chamois_blanc](https://wordpress.org/support/users/chamois_blanc/)
 * Thanks for the input. Just for any future references, the redirect_uri is optional
   if there is a redirect uri assigned for the client in the settings. This is how
   OAuth 2.0 is designed and specified. The term for this process is “**Dynamic
   Configuration**”.
 * You can find more details by checking out [https://tools.ietf.org/html/draft-ietf-oauth-v2-31#section-3.1.2.3](https://tools.ietf.org/html/draft-ietf-oauth-v2-31#section-3.1.2.3).
   OAuth 2.0 is complicated so if you have any questions please let me know.
 * I have taken note of the situation and will investigate where I can improve the
   documentation to ensure you and future developers have an easier path 🙂
 *  Thread Starter [therealgilles](https://wordpress.org/support/users/chamois_blanc/)
 * (@chamois_blanc)
 * [8 years, 11 months ago](https://wordpress.org/support/topic/problem-getting-token-with-authorization_code-grant-type/#post-9253632)
 * Hi Justin,
 * You are saying that if I do not provide a request_uri in the authorization request,
   the server will use the one associated with the client ID, and then I won’t have
   to provide it again when asking for the token. Okay I think that makes sense.
 * Thank you for the explanation!
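
The rule discussed in the replies above, as an added example that is not part of the original thread or the plugin's code: a small model of the RFC 6749 section 4.1.3 checks a token endpoint applies when an authorization code is redeemed. The function names, client ids, codes and URIs are hypothetical, and the sample data is constructed.

```python
def redeem_code(codes, client_id, params, now):
    """Model of the RFC 6749 section 4.1.3 checks on an authorization_code
    token request. Returns None when the code may be exchanged, else an error dict."""
    code = params.get("code", "")
    rec = codes.get(code)
    # Unknown, already used, or issued to a different client.
    if rec is None or rec["client_id"] != client_id:
        return {"error": "invalid_grant"}
    if now >= rec["expires"]:
        del codes[code]
        return {"error": "invalid_grant",
                "error_description": "The authorization code has expired"}
    bound = rec["redirect_uri"]  # None if the authorization request omitted it
    if bound is not None and params.get("redirect_uri") != bound:
        # Sent in the authorization request, so it is required here and must be identical.
        return {"error": "redirect_uri_mismatch"}
    del codes[code]  # a code is single use (RFC 6749 section 4.1.2)
    return None


def demo():
    """Constructed sample data; client ids, codes and URIs are hypothetical."""
    now, cb = 1000, "https://client.example/callback"
    codes = {
        "c-uri": {"client_id": "app1", "expires": now + 30, "redirect_uri": cb},
        "c-nouri": {"client_id": "app1", "expires": now + 30, "redirect_uri": None},
        "c-old": {"client_id": "app1", "expires": now - 1, "redirect_uri": None},
    }
    return [
        redeem_code(codes, "app1", {"code": "c-uri"}, now),                      # URI missing
        redeem_code(codes, "app1", {"code": "c-uri", "redirect_uri": cb}, now),  # accepted
        redeem_code(codes, "app1", {"code": "c-uri", "redirect_uri": cb}, now),  # replayed code
        redeem_code(codes, "app2", {"code": "c-nouri"}, now),                    # wrong client
        redeem_code(codes, "app1", {"code": "c-nouri"}, now),                    # accepted, no URI bound
        redeem_code(codes, "app1", {"code": "c-old"}, now),                      # expired
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```
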
 *  Thread Starter [therealgilles](https://wordpress.org/support/users/chamois_blanc/)
 * (@chamois_blanc)
 * [8 years, 11 months ago](https://wordpress.org/support/topic/problem-getting-token-with-authorization_code-grant-type/#post-9254358)
 * After successfully getting the access token, I am not able to successfully make
   a WP REST API get request. I always get 401 unauthorized errors.
 * I am adding the access token to the Authorization header as ‘Bearer <access_token>’.
 * I have the ‘Application Passwords’ plugin installed and I am able to make REST
   API accesses with it (it uses an access token with ‘Basic <access_token>’ authorization).
 * Is there more I am supposed to do?
 *  Thread Starter [therealgilles](https://wordpress.org/support/users/chamois_blanc/)
 * (@chamois_blanc)
 * [8 years, 11 months ago](https://wordpress.org/support/topic/problem-getting-token-with-authorization_code-grant-type/#post-9254363)
 * I should mention that my server is in development stage and running on localhost.
   Would using https instead of http make a difference? I guess I will try this 
   next.
 *  Thread Starter [therealgilles](https://wordpress.org/support/users/chamois_blanc/)
 * (@chamois_blanc)
 * [8 years, 11 months ago](https://wordpress.org/support/topic/problem-getting-token-with-authorization_code-grant-type/#post-9254594)
 * Tried https and no difference. I am not providing a scope, so I am getting ‘basic’.
   Should I be providing a different scope?
 *  Thread Starter [therealgilles](https://wordpress.org/support/users/chamois_blanc/)
 * (@chamois_blanc)
 * [8 years, 11 months ago](https://wordpress.org/support/topic/problem-getting-token-with-authorization_code-grant-type/#post-9254812)
 * Okay turns out it was an .htaccess problem. I had to add the rewrite rule:
 *     ```
       RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
       ```
   
 * Okay last question: I am surprised the server does not create its own authorization
   page. Am I supposed to create it? Do you have a template for it?
 * Thank you
 *  Plugin Author [Justin Greer](https://wordpress.org/support/users/justingreerbbi/)
 * (@justingreerbbi)
 * [8 years, 11 months ago](https://wordpress.org/support/topic/problem-getting-token-with-authorization_code-grant-type/#post-9255264)
 * A custom authorization page is something that we were going to add (and still
   plan to add) but we found that an “auto authorize” approach was simpler for most
   people. Due to the lack of demand for the authorization page we never moved forward
   with the feature.
 * With this said, I have added it to our tracking system for a future release.
 *  Thread Starter [therealgilles](https://wordpress.org/support/users/chamois_blanc/)
 * (@chamois_blanc)
 * [8 years, 11 months ago](https://wordpress.org/support/topic/problem-getting-token-with-authorization_code-grant-type/#post-9257135)
 * Thank you for the response. My oauth2 servers have an authorization page for 
   UX reasons. I think it’s great to tell users what they are authorizing. It’s 
   also confusing to see a redirect with a blank page, so it would be great if the
   authorization page had something on it, even when authorization does not need
   to be granted again (because the user is already logged in and has authorized
   previously).
 * Yet another question: do you have an example of a token refresh request?
 * Thank you for your prompt responses, very much appreciated 🙂
 *  Thread Starter [therealgilles](https://wordpress.org/support/users/chamois_blanc/)
 * (@chamois_blanc)
 * [8 years, 11 months ago](https://wordpress.org/support/topic/problem-getting-token-with-authorization_code-grant-type/#post-9257187)
 * I am trying to follow this knowledge base article: [https://wp-oauth.com/kb/using-the-refresh-token/](https://wp-oauth.com/kb/using-the-refresh-token/)
 * But I get the following error (using Postman):
 *     ```
       {
         "error": "invalid_grant",
         "error_description": "The authorization code has expired"
       }
       ```
   
 * I have just gotten the access token, so there is no way the refresh token could
   have expired.
 *  Thread Starter [therealgilles](https://wordpress.org/support/users/chamois_blanc/)
 * (@chamois_blanc)
 * [8 years, 11 months ago](https://wordpress.org/support/topic/problem-getting-token-with-authorization_code-grant-type/#post-9257203)
 * Now getting the following error (when using Postman):
 *     ```
       {
         "error": "invalid_request",
         "error_description": "The grant type was not specified in the request"
       }
       ```
   
 * Okay I see I put the parameters in the query, instead of body. My bad.
 *  Thread Starter [therealgilles](https://wordpress.org/support/users/chamois_blanc/)
 * (@chamois_blanc)
 * [8 years, 11 months ago](https://wordpress.org/support/topic/problem-getting-token-with-authorization_code-grant-type/#post-9257206)
 * If I put the fields in the POST request body, I get this error now:
 *     ```
       {
         "error": "unsupported_grant_type",
         "error_description": "Grant type \"refresh_token\" not supported"
       }
       ```
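
The refresh request asked about in the posts above, as an added example that is not part of the original thread or the plugin's code: it builds the request with the fields in the form body (RFC 6749 section 6) and models the grant-type check that produced the two errors quoted. The host name, credentials and function names are hypothetical, sending client credentials via HTTP Basic is an assumption, and nothing is sent over the network.

```python
from base64 import b64encode
from urllib.parse import parse_qs, urlencode, urlsplit
from urllib.request import Request

TOKEN_URL = "https://wp.example/oauth/token"  # placeholder host, not from the thread


def build_refresh_request(client_id, client_secret, refresh_token, in_query=False):
    """Build (not send) a refresh request. in_query=True reproduces the mistake
    from the thread: parameters in the URL instead of the form body."""
    fields = urlencode({"grant_type": "refresh_token", "refresh_token": refresh_token})
    basic = b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {"Authorization": f"Basic {basic}",
               "Content-Type": "application/x-www-form-urlencoded"}
    if in_query:
        return Request(f"{TOKEN_URL}?{fields}", data=b"", headers=headers, method="POST")
    return Request(TOKEN_URL, data=fields.encode(), headers=headers, method="POST")


def grant_type_error(req, enabled_grants):
    """Model of the server's first check: only the form body is consulted."""
    body = parse_qs(req.data.decode())
    grant = body.get("grant_type", [None])[0]
    if grant is None:
        return "invalid_request"         # "The grant type was not specified in the request"
    if grant not in enabled_grants:
        return "unsupported_grant_type"  # well-formed request, grant not enabled on the server
    return None


def secrets_in_url(req):
    """True if the refresh token would end up in the URL, and so in access logs."""
    return "refresh_token" in parse_qs(urlsplit(req.full_url).query)


if __name__ == "__main__":
    good = build_refresh_request("app1", "s3cret", "rt-123")  # constructed values
    bad = build_refresh_request("app1", "s3cret", "rt-123", in_query=True)
    print(grant_type_error(bad, {"authorization_code", "refresh_token"}))
    print(grant_type_error(good, {"authorization_code"}))
    print(grant_type_error(good, {"authorization_code", "refresh_token"}))
```
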
   
 *  Thread Starter [therealgilles](https://wordpress.org/support/users/chamois_blanc/)
 * (@chamois_blanc)
 * [8 years, 11 months ago](https://wordpress.org/support/topic/problem-getting-token-with-authorization_code-grant-type/#post-9257212)
 * If I need to purchase the pro version to get refresh token to work, then I am
   fine with that, but you should advertise as such. Right now, the plugin page 
   says the following:
 *  SUPPORTED GRANT TYPES
 *  Authentication Code
 *  NOTE: WP OAuth Server Pro Supports all grant types including:
 *  Auth Code, Client Credentials, User Credentials, Implicit Flow, OpenID Code, OpenID Implicit
 * There is no mention of refresh token at all. Please advise.
 *  Plugin Author [Justin Greer](https://wordpress.org/support/users/justingreerbbi/)
 * (@justingreerbbi)
 * [8 years, 11 months ago](https://wordpress.org/support/topic/problem-getting-token-with-authorization_code-grant-type/#post-9290944)
 * We will be sure to include the refresh token grant type in the readme with the next
   release. Thank you for making the suggestion to better the plugin.

The topic ‘Problem getting token with authorization_code grant type’ is closed to
new replies.

 * 14 replies
 * 2 participants
 * Last reply from: [Justin Greer](https://wordpress.org/support/users/justingreerbbi/)
 * Last activity: [8 years, 11 months ago](https://wordpress.org/support/topic/problem-getting-token-with-authorization_code-grant-type/#post-9290944)
 * Status: not resolved