400 Bad Request - Access Token - PKCE Auth Code Flow


Hello,
I'm currently on Step 2 (Requesting Access Token) of the Auth Code Flow using PKCE, but I am unable to retrieve the access token.
Problem
I am receiving a 400 Bad Request when sending my POST request to the https://accounts.spotify.com/api/token endpoint.
Code Snippet
CodeCode

Everything seems correct when I output to the console, but it seems like I'm missing something.
Please help

 

Edit:

To make it easier to check my work I will reference the Auth Code Flow documentation here and where that can be found in my code (above).

  • Making a POST request to the /api/token endpoint:
    - options.method = "POST"
    - SPOTIFY_TOKEN_ENDPOINT = "https://accounts.spotify.com/api/token"
  • Request body should contain the parameters in application/x-www-form-urlencoded:
    - headers["Content-Type"] = "application/x-www-form-urlencoded"
    - bodyObject = parameters needed
      searchParams = URLSearchParams object containing parameters and values
      requestBody = bodyObject in x-www-form-urlencoded form
    - request.write(requestBody) = request sending parameters in the body in x-www-form-urlencoded form
  • Request body parameters needed (found in bodyObject):
    - grant_type = "authorization_code"
    - code = codeVal, the code value found in the URL when redirected after Authorization
    - redirect_uri = redirectURI, the same URI sent in Step 1 of Auth Code Flow
    - client_id = environment variable that is expanded at runtime using dotenv library
    - code_verifier = codeVerifier, the code verifier my website created and sent in Step 1 of Auth Code Flow (have confirmed these match)
  • HTTP Headers:
    - headers.Authorization = base64 encoded(<client_id environment variable>:<client_secret environment variable>)
    - headers["Content-Type"] = "application/x-www-form-urlencoded"
2 Replies

Same issue. Did you figure it out?

 

I have the same problem when trying to refresh my token.
I'm sending a POST request to the endpoint "https://accounts.spotify.com/api/token" and getting 400 "Invalid request". No error message. I just don't get what the problem is.

 

Payload:
{
"refresh_token": [my refresh token],
"grant_type": "refresh_token",
"client_id": "[my client id]"
}
Headers:
{
"Content-Type": "application/x-www-form-urlencoded"
}
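
A local pre-flight check for the token requests described in this thread, as an added example that is not code from any of the posters or from Spotify. It checks that the body is really form-encoded, that the parameters listed above are present for the grant type, and that the code_verifier hashes to the code_challenge per RFC 7636 (S256). The function names, the sample code and client ID, and the localhost redirect URI are assumptions made up for illustration.

```javascript
// Added example, not the poster's code. Sample values are constructed,
// except the verifier/challenge pair, which is the RFC 7636 Appendix B vector.
const crypto = require("node:crypto");

// RFC 7636 S256: BASE64URL(SHA256(ASCII(code_verifier))), without padding.
function s256Challenge(codeVerifier) {
  return crypto.createHash("sha256").update(codeVerifier, "ascii").digest("base64url");
}

// Body parameters the thread lists for each grant type.
const REQUIRED = {
  authorization_code: ["code", "redirect_uri", "client_id", "code_verifier"],
  refresh_token: ["refresh_token", "client_id"],
};

// Returns the problems found in a token request before it is sent.
// body: the exact string handed to request.write();
// sentChallenge: the code_challenge sent in Step 1 (optional).
function checkTokenRequest(headers, body, sentChallenge) {
  if (headers["Content-Type"] !== "application/x-www-form-urlencoded")
    return ["Content-Type is not application/x-www-form-urlencoded"];
  if (typeof body !== "string" || body.trimStart().startsWith("{"))
    return ["body is not a form-encoded string (object or JSON text)"];
  const params = new URLSearchParams(body);
  const grant = params.get("grant_type");
  if (!Object.hasOwn(REQUIRED, grant ?? ""))
    return [`unsupported or missing grant_type: ${grant}`];
  const problems = REQUIRED[grant]
    .filter((name) => !params.get(name))
    .map((name) => `missing or empty parameter: ${name}`);
  const verifier = params.get("code_verifier");
  if (verifier) {
    if (!/^[A-Za-z0-9\-._~]{43,128}$/.test(verifier))
      problems.push("code_verifier is not 43-128 unreserved characters");
    if (sentChallenge && s256Challenge(verifier) !== sentChallenge)
      problems.push("code_verifier does not hash to the code_challenge from Step 1");
  }
  return problems;
}

const headers = { "Content-Type": "application/x-www-form-urlencoded" };
const goodBody = new URLSearchParams({
  grant_type: "authorization_code",
  code: "SAMPLE_CODE",
  redirect_uri: "http://localhost:3000/callback",
  client_id: "SAMPLE_CLIENT_ID",
  code_verifier: "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk",
}).toString();
console.log(checkTokenRequest(headers, goodBody, "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM"));
```

Run it against the exact string passed to request.write(), not the object it was built from, so that an encoding mistake shows up locally instead of as an unexplained 400.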

 
