400 Bad Request - Access Token - PKCE Auth Code Flow


Hello,
I'm currently on Step 2 (Requesting Access Token) of the Auth Code Flow using PKCE, but I am unable to retrieve the access token.
Problem
I am receiving a 400 Bad Request when sending my POST request to the https://accounts.spotify.com/api/token endpoint.
Code Snippet

Everything seems correct when I output to the console, but it seems like I'm missing something.
Please help

 

Edit:

To make it easier to check my work I will reference the Auth Code Flow documentation here and where that can be found in my code (above).

  • Making a POST request to the /api/token endpoint:
    - options.method = "POST"
    - SPOTIFY_TOKEN_ENDPOINT = "https://accounts.spotify.com/api/token"
  • Request body should contain the parameters in application/x-www-form-urlencoded:
    - headers["Content-Type"] = "application/x-www-form-urlencoded"
    - bodyObject = parameters needed
      searchParams = URLSearchParams object containing parameters and values
      requestBody = bodyObject in x-www-form-urlencoded form
    - request.write(requestBody) = request sending parameters in the body in x-www-form-urlencoded form
  • Request body parameters needed (found in bodyObject):
    - grant_type = "authorization_code"
    - code = codeVal, the code value found in the URL when redirected after Authorization
    - redirect_uri = redirectURI, the same URI sent in Step 1 of Auth Code Flow
    - client_id = environment variable that is expanded at runtime using dotenv library
    - code_verifier = codeVerifier, the code verifier my website created and sent in Step 1 of Auth Code Flow (have confirmed these match)
  • HTTP Headers:
    - headers.Authorization = base64 encoded(<client_id environment variable>:<client_secret environment variable>)
    - headers["Content-Type"] = "application/x-www-form-urlencoded"
7 Replies

Same issue. Did you figure it out?

 

I have the same problem when trying to refresh my token.
I'm sending a POST-request to endpoint "https://accounts.spotify.com/api/token" and getting 400 "Invalid request". No error message. I just don't get what the problem is.

 

Payload:
{
"refresh_token": [my refresh token],
"grant_type": "refresh_token",
"client_id": "[my client id]"
}
Headers:
{
"Content-Type": "application/x-www-form-urlencoded"
}

 

Are you able to fetch the auth_token the first time around? I have the same issue and keep getting invalid code_verifier when it is exactly the same as generated. Happy to pair program if you’d like, 2 pairs of eyes > one

Did you get a successful auth token the first time around using PKCE?

Any news on this? I kinda have the same issue. Everything was working perfectly fine and out of nowhere I always get TIMEDOUT on https://accounts.spotify.com/api/token

I've run into the same issue and wondering if there has been any update?

Just putting this for future devs; I was able to make it work by changing "Content-Type" to "content-type"
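
Added example, not code from any poster in this thread or from Spotify: a local pre-flight check for the Step 2 token request described in the original post, including the code_verifier mismatch raised in the replies. The helper name buildTokenRequest and all sample values are hypothetical; it assumes the S256 challenge method (RFC 7636) and a public client that sends client_id in the body with no Authorization header.

```javascript
// Added example (assumptions: S256 method, public client, constructed sample values).
const nodeCrypto = require("node:crypto");

// S256 challenge: BASE64URL(SHA-256(ASCII(code_verifier))), without "=" padding.
function challengeFor(codeVerifier) {
  return nodeCrypto.createHash("sha256").update(codeVerifier, "ascii").digest("base64url");
}

// Hypothetical helper: builds the form-encoded body and lists problems that can
// be detected locally, before the request ever reaches the token endpoint.
function buildTokenRequest({ code, redirectUri, clientId, codeVerifier, codeChallenge }) {
  const problems = [];
  if (!code) problems.push("code is empty");
  if (!clientId) problems.push("client_id is empty (environment variable not loaded?)");
  // RFC 7636: 43-128 characters from A-Z a-z 0-9 - . _ ~ (no whitespace, no newline).
  if (!/^[A-Za-z0-9\-._~]{43,128}$/.test(codeVerifier)) {
    problems.push("code_verifier is not 43-128 unreserved characters");
  }
  // The verifier must hash to the exact challenge that was sent in Step 1.
  if (challengeFor(codeVerifier) !== codeChallenge) {
    problems.push("code_verifier does not hash to the code_challenge sent in Step 1");
  }
  // URLSearchParams percent-encodes values, so the body really is
  // application/x-www-form-urlencoded (not a JSON object).
  const body = new URLSearchParams({
    grant_type: "authorization_code",
    code,
    redirect_uri: redirectUri,
    client_id: clientId,
    code_verifier: codeVerifier,
  }).toString();
  const headers = {
    "Content-Type": "application/x-www-form-urlencoded",
    "Content-Length": Buffer.byteLength(body),
  };
  return { problems, headers, body };
}

// Constructed sample input, not real credentials.
const SAMPLE_VERIFIER = "constructed-sample-verifier-0123456789-abcdefghij";
const sample = buildTokenRequest({
  code: "CONSTRUCTED_AUTH_CODE",
  redirectUri: "http://localhost:8888/callback",
  clientId: "CONSTRUCTED_CLIENT_ID",
  codeVerifier: SAMPLE_VERIFIER,
  codeChallenge: challengeFor(SAMPLE_VERIFIER),
});
console.log(sample.problems.length === 0 ? "request looks well-formed" : sample.problems);
```

An empty problems list only means the request is locally consistent; the server can still reject an expired or already-used code or a redirect_uri that differs from Step 1.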
