Discord API OAuth2 token url returns 401

[mttv]

Hi! I'm trying to add discord auth to my reactjs app. So the problem is that I cant receive user auth token from https://discordapp.com/api/oauth2/token because it send me 401 code, meaning that it needs Authorization header. But there is no mentions for this header in docs and I can't understand how I need to pass it if Im asking for auth token.

Code:

let data = {
     client_id: client_id,
     client_secret: client_secret,
     grant_type: "authorization_code",
     code: token,
     redirect_uri: "https://mttvapp.com/",
     scope: "identify"
}
data = $.param(data)
discord.post("/oauth2/token", {data}, {
       headers: {
             'Content-Type': 'application/x-www-form-urlencoded'
       }
})

[z64]

401 is not limited to invalid authorization. It can also mean that your redirect URI is not whitelisted on your application's settings page.

Please check that:

• You have entered the URI as shown below (and pressed Save!)
• You are passing the URI in data exactly as entered on this page
• You are using the same redirect URI that you passed in your authorize URL given to your user

If I recall, if your client_id/client_secret was incorrect, you would receive invalid_client in the response body.

[mttv]

@z64

code: token - code from authorization

 discordUserHandler = (token) => {
        let data = {
            client_id: client_id,
            client_secret: client_secret,
            grant_type: "authorization_code",
            code: token,
            redirect_uri: "https://mttvapp.com/oauth2/discord",
            scope: "identify"
        }
        data = $.param(data)
        console.log(`Data: ${data}`)
        discord.post("/oauth2/token", {data}, {
            headers: {
                'Content-Type': 'application/x-www-form-urlencoded'
            }
        })
        .then(r => console.log(r))
        .catch(e => console.log(e))
    }

[zmirman]

I'm hitting the exact same issue (401) when requesting the access token for a webhook made with https://discordapp.com/api/oauth2/authorize

Here's the POST request I'm making:
https://discordapp.com/api/oauth2/token?client_id={clientId}&client_secret={clientSecret}&code={code}&redirect_uri={redirect_uri}&grant_type=authorization_code&scope=webhook.incoming

Header:
Content-Type: application/x-www-form-urlencoded

I'm hitting the endpoint both with Postman and from code -- same result. Verified that ClientSecret, clientId, and redirectUri are all correct and consistent with the authorize request.

Let me know if I can provide more details to help debug what the issue is

[jhgg]

@zmirman - I think your issue may be unrelated. The parameters must be in the actual post body - you are sending them within the request URL's querystring.

[zmirman]

That resolved my issue. Thanks @jhgg! I don't think that was very clear from the docs -- although this may just be a general gap in my knowledge

[mttv]

In postman I'm getting "error": "invalid_client", and I can't understand why. I've copy&pasted ids from developers dashboard

[AEnterprise]

@mttv never show those secrets, if you have not already regenerate them as anyone who sees this can use this to authenticate as your application with the api

[mttv]

@AEnterprise don't worry I already regenerated them. I'm just showing that I have pasted them correctly.

[jhgg]

@mttv you are sending those values as query params and not in the body as application/x-www-form-urlencoded content type.

[mttv]

Ok, so it is working now in postman but still doesn't in my app.

[jhgg]

I can't help you make your code work unfortunately - but the API here is doing the right thing - assuming you send it a well-formed request.

I'm going to close this issue - as we've identified the issue as not being in the API, but rather in your code!

[mttv]

I don't know why, but I had to write content-type instead of Content-type and that fixed my problem.