Uber API | Requesting Access Token for Ride request returns 'invalid_grant' error

5
votes

I want users to request Uber rides from my app.
https://developer.uber.com/docs/rides/authentication

Under OAuth 2.0 section at the above url, there are 6 steps :
1. Authorize (done)
2. Receive Redirect (done)
3. Get an Access Token ('invalid_grant' error)

The following screenshot is from Postman. I tried passing client_id, client_secret, grant_type, redirect_uri and code as params, form-data and x-www-form-url-encoded. But everytime it returns the same error.

enter image description here

I have put 'http://localhost:3000/auth/uber/callback' as redirect url in my Uber App dashboard.

I have even tried the following curl command in the terminal,but it returns the same 'invalid_grant' error

enter image description here

Can someone help me with this issue.

2
postcurluber-api
Screen shots are generally not consider helpful here on S.O. (maybe your case is the exception), BUT, consider rewriting your Q to just usecurl commands. When you get that working you should be able to solve you Oauth/Postman problems, right? Also, you'll get more help if you include a tag for an programming/scripting language. Given your sample curl code already, you can just add a bash tag and get ~20K followers. (Or at least add a Postman or Oauth tag, depending on # of followers). Good luck.shellter
@mahendhar was this ever resolved?Josan Iracheta

2 Answers

2
votes

Your postman request looks correct to me. My best guesses at whats going on:

1) You have multiple redirects set up, and you're using one redirect url when you do the authorization phase and a different one when you try and do token exchange

2) You're doing authorization for one client_id, and trying to do token exchange for another

3) You're authorization code has already been used / expired. Keep in mind its only good for one request.

Could you try the following and tell me what happens:

1) Do the authorization flow and pay special attention that the client id and redirect uri you put in your authorization URL are correct

2) After your browser redirects, copy the authorization code out of the redirect URL

3) Put the authorization code into the postman request / curl statement and make sure that the client id / redirect URI is correct when you do it.

0
votes

Status Code: 401 Unauthorized

{
  "error": "invalid_grant"
}

  1. You are using an invalid refresh_token. You can generate multiple access tokens, but you can only use the latest generated refresh_token.

  2. You supplied an invalid code when exchanging an authorization code for an access_token.