Getting 'Incorrect Client' when trying to complete OAuth2 Workflow

Question asked by Akshya Pandey on Nov 26, 2018
Latest reply on Apr 29, 2019 by Akshya Pandey

Hello, I am a developer of an application that uses Canvas' REST APIs to get user/enrollment information for different courses. We use a very basic workflow when authenticating the users using our tool:

  1. If a token/refresh token doesn't already exist for the current session (or if an API request comes back with a bad response), get a new authorization code from Canvas (GET login/oauth2/auth -- with valid client_id, valid redirect_uri and response_type=code)
  2. Once an authorization code is received, make a POST request to get the token (POST /login/oauth2/token -- with code=received authorization code, grant_type="authorization_code" or "refresh_token" if one exists, refresh_token=existing_refresh_token, client_id=developer_key_id, client_secret=developer_key_secret)

After the second step, I'm getting a response 400 stating {"error":"invalid_grant","error_description":"incorrect client"}. I was unable to find this error message in any documentation or threads in the Canvas Community. 

This tool is used by multiple institutes, and no other institute user of ours has reported this before. I requested to see the developer key set-up for the client who is reporting this issue, and I cannot see any incorrect configuration information. Any advice on this matter would be greatly appreciated.


PS: I cleared the session cookies and ran the tool through without providing a refresh token, and I'm seeing the very first REST request made (to get a user profile) with a newly received token getting the following message - {"errors":[{"message":"Invalid access token."}]}
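
An added example, not part of the original post and not Canvas code: a pre-flight check for the two-step flow described above. It builds the token request per RFC 6749 (one grant per request, rather than the parameter mix in step 2) and flags the mismatches that RFC 6749 section 5.2 groups under invalid_grant. That Canvas's "incorrect client" corresponds to one of these is an assumption; the host names, client ids and the `grant_issued_to` bookkeeping value are constructed or hypothetical.

```python
from urllib.parse import parse_qs, urlencode, urlparse

AUTH_PATH = "/login/oauth2/auth"  # endpoint named in the post
SECRET_KEYS = {"client_secret", "code", "refresh_token"}


def build_auth_url(base_url, client_id, redirect_uri):
    """Step 1: authorization request with response_type=code."""
    query = urlencode({"client_id": client_id, "response_type": "code",
                       "redirect_uri": redirect_uri})
    return f"{base_url.rstrip('/')}{AUTH_PATH}?{query}"


def build_token_body(client_id, client_secret, redirect_uri,
                     code=None, refresh_token=None):
    """Step 2: exactly one grant per request (RFC 6749 sections 4.1.3 and 6)."""
    if (code is None) == (refresh_token is None):
        raise ValueError("pass exactly one of code or refresh_token")
    body = {"client_id": client_id, "client_secret": client_secret}
    if code is not None:
        body.update(grant_type="authorization_code", code=code,
                    redirect_uri=redirect_uri)
    else:
        body.update(grant_type="refresh_token", refresh_token=refresh_token)
    return body


def preflight(auth_url, token_body, grant_issued_to):
    """List mismatches that RFC 6749 section 5.2 files under invalid_grant.

    grant_issued_to is hypothetical bookkeeping: the client_id the app
    recorded when it obtained the code or refresh token being sent.
    """
    sent = parse_qs(urlparse(auth_url).query)
    problems = []
    if grant_issued_to != token_body["client_id"]:
        problems.append("grant was issued to a different client_id")
    if (token_body["grant_type"] == "authorization_code"
            and sent["redirect_uri"][0] != token_body["redirect_uri"]):
        problems.append("redirect_uri differs between step 1 and step 2")
    return problems


def redact(body):
    """Copy of the request body that is safe to log or share."""
    return {k: "<redacted>" if k in SECRET_KEYS else v for k, v in body.items()}
```

Recording the issuing client_id next to each stored refresh token makes the first check possible when one deployment serves several institutions with different developer keys.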