Error: invalid_request, error_description: Invalid grant_type parameter or parameter missing when trying to get an access token (Buffer API)

0
votes

I am trying to recieve an access token from the following URL:

https://api.bufferapp.com/1/oauth2/token.json

The following code is my POST request, I seem to have everything included according to the Buffer API documentation and the OAuth 2 rules:

$.ajax({
    type: 'POST',
    url: 'https://api.bufferapp.com/1/oauth2/token.json',
    headers: {
        'Accept': 'application/json',
        'Content-Type': "application/x-www-form-urlencoded; charset=UTF-8",
    },
    data: {
        client_id: "{MY_CLIENT_ID}",
        client_secret: "{MY_CLIENT_SECRET}",
        redirect_uri: "http://localhost/testexample",
        code: "{MY_AUTH_CODE}",
        grant_type: "authorization_code"
    },
    success: function(response) {
        console.log(response);
    },
    error: function(response) { 
        console.log(response);
    },
    dataType: "jsonp"
});

When I execute the code, I recieve the error: net::ERR_ABORTED, and the URL returns: {"error":"invalid_request","error_description":"Invalid grant_type parameter or parameter missing"}

What am I doing wrong?

Thank you for your time.

2
jqueryjsonajaxapioauth-2.0

2 Answers

0
votes

The documentation says:

Also note that the code parameter must not be url encoded - ie. it should be formatted like 1/mWot20jTwojsd00jFlaaR45 and not 1%2FmWot20jTwojsd00jFlaaR45.

but in the headers you set the content to:

'Content-Type': "application/x-www-form-urlencoded; charset=UTF-8"

I'm not sure if that makes a difference if you are not encoding the "code" but could be worth trying without that content-type.

EDIT - I also tried this and makes no difference. So:

I would suggest removing the "jsonp" datatype as it's a POST not a GET. Possibly that could add something to the request which the token endpoint doesn't like. Alternatively try using an HTTP tool like Postman to POST the data.

If you need to make a cross origin call, maybe you can use CORS instead?

If you use fiddler (or any other type of HTTP traffic inspection tool) you should be able to see the actual request sent and the problem will then likely be more transparent.

Should look something like this:

enter image description here

0
votes

This was a problem within my Laravel code, It is now resolved.