Exchanging auth code for access token errors out during oauth2 flow

I followed this guide → https://developer.atlassian.com/cloud/jira/platform/oauth-2-3lo-apps/ for the oauth2 implementation. The first step works fine and the code is returned to the callback URL. But the endpoint for exchanging the auth code for an access token errors out with the error message below:

{
    "error": "invalid_request",
    "error_description": "Incorrect request parameters"
}

curl request for the exchange:

curl --request POST \
  --url 'https://auth.atlassian.com/oauth/token' \
  --header 'Content-Type: application/json' \
  --data '{"grant_type": "authorization_code","client_id": "CLIENT_ID","client_secret": "CLIENT_SECRET","code": "AUTH_CODE_RECEIVED_FROM_STEP1","redirect_uri": "APP_CALLBACK_URL"}'

Am I missing any request parameter?

Welcome to the Atlassian developer community @DeepaliGathibandhe,

No, you aren’t missing any request parameters. The error message might indicate that one of the 3 parameters about your client is wrong. I don’t think we could get closer to that problem without asking you to share things you shouldn’t. So I would recommend opening a developer support case.

That said, if your goal is to just get a token, there’s a CLI tool that I find really handy: oauth2c. Here’s how I use that in a script:

#!/usr/bin/env sh
# oauth2c requires the callback URL to be: http://localhost:9876/callback
SCOPES='offline_access read:me read:jira-work read:jira-user'
ATLASSIAN_APP_3LO_CLIENT_ID=
ATLASSIAN_APP_3LO_CLIENT_SECRET=

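# '// empty' yields an empty string when refresh_token is missing or null (plain
# --raw-output would print the literal "null"); stderr is silenced for the first
# run, when access_token_response.json does not exist yet.
REFRESH_TOKEN=$(jq --raw-output '.refresh_token // empty' access_token_response.json 2>/dev/null)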

if [ -z "$REFRESH_TOKEN" ]; then
    echo "Performing authorization code flow to obtain initial access token response"
    oauth2c https://auth.atlassian.com/ \
        --client-id "$ATLASSIAN_APP_3LO_CLIENT_ID" \
        --client-secret "$ATLASSIAN_APP_3LO_CLIENT_SECRET" \
        --response-types code \
        --response-mode query \
        --grant-type authorization_code \
        --auth-method client_secret_post \
        --scopes "$SCOPES" \
        --silent \
        > access_token_response.json
else
    echo "Performing refresh token flow to obtain a fresh access token response"
    echo "If this step fails, try deleting 'access_token_response.json' to start with a fresh code flow"
    oauth2c https://auth.atlassian.com/ \
        --client-id "$ATLASSIAN_APP_3LO_CLIENT_ID" \
        --client-secret "$ATLASSIAN_APP_3LO_CLIENT_SECRET" \
        --grant-type refresh_token \
        --auth-method client_secret_post \
        --refresh-token "$REFRESH_TOKEN" \
        --silent \
        > access_token_response.json
fi

ACCESS_TOKEN=$(jq --raw-output '.access_token' access_token_response.json)
curl \
    --request GET \
    --url https://api.atlassian.com/me \
    --header "Authorization: Bearer ${ACCESS_TOKEN}"

curl \
    --request GET \
    --url https://api.atlassian.com/oauth/token/accessible-resources \
    --header "Authorization: Bearer ${ACCESS_TOKEN}" \
    > accessible_resources.json
CLOUD_ID=$(jq --raw-output '.[0].id' accessible_resources.json)
curl \
    --request GET \
    --url "https://api.atlassian.com/ex/jira/${CLOUD_ID}/rest/api/3/myself?expand=groups,applicationRoles" \
    --header "Authorization: Bearer ${ACCESS_TOKEN}"
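
An added example, not part of either post and not Atlassian's code: a local pre-flight check for the token-exchange body from the question, comparing it against the authorization URL used in step 1. It applies generic OAuth 2.0 rules (RFC 6749 section 4.1.3), not Atlassian's actual validation; `check_token_request` and all sample values are hypothetical.

```python
import json
from urllib.parse import parse_qs, urlsplit

REQUIRED = ("grant_type", "client_id", "client_secret", "code", "redirect_uri")

def check_token_request(authorize_url, token_body_json):
    """Return a list of problems in a code-for-token request body (hypothetical helper)."""
    try:
        body = json.loads(token_body_json)
    except json.JSONDecodeError as exc:
        return [f"body is not valid JSON: {exc.msg}"]
    if not isinstance(body, dict):
        return ["body is not a JSON object"]
    # parse_qs percent-decodes, giving the values the server received in step 1.
    sent = {k: v[0] for k, v in parse_qs(urlsplit(authorize_url).query).items()}
    problems = []
    for name in REQUIRED:
        value = body.get(name)
        if not isinstance(value, str) or not value:
            problems.append(f"{name}: missing or empty")
        elif value != value.strip():
            problems.append(f"{name}: leading or trailing whitespace")
        elif name == "grant_type" and value != "authorization_code":
            problems.append("grant_type: expected authorization_code")
        elif name in ("client_id", "redirect_uri") and name in sent and value != sent[name]:
            # RFC 6749 section 4.1.3: redirect_uri must be identical in both steps.
            problems.append(f"{name}: differs from the authorization request")
        elif name == "code" and "%" in value:
            problems.append("code: contains '%', check it was URL-decoded")
    return problems

# Constructed sample values, not real credentials or a real app.
SAMPLE_AUTHORIZE_URL = (
    "https://auth.atlassian.com/authorize?audience=api.atlassian.com"
    "&client_id=example-client-id&scope=read%3Ame"
    "&redirect_uri=https%3A%2F%2Fapp.example.com%2Fcallback"
    "&state=constructed-state&response_type=code&prompt=consent"
)
SAMPLE_BODY = json.dumps({
    "grant_type": "authorization_code",
    "client_id": "example-client-id",
    "client_secret": "example-secret",
    "code": "constructed-code",
    "redirect_uri": "https://app.example.com/callback/",  # trailing slash added
})

if __name__ == "__main__":
    for problem in check_token_request(SAMPLE_AUTHORIZE_URL, SAMPLE_BODY):
        print(problem)
```

Running the check locally keeps the client secret and auth code out of forum posts and support tickets while still narrowing down which parameter is off.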

Thank you for your help @ibuchanan! I will try creating a new app altogether and use its credentials for auth. If it doesn’t work, I will open a developer support case like you suggested. Also, thanks for sharing the oauth2c tool.