Alright, I’ve been stuck with this error for awhile now while noodling with external auth module and Discord’s OAuth2 API:
could not retrieve access token from the provider
I found this older thread which points me to this nice common problems guide that offers:
- Ensure the client secret has been set using the configure providers CLI command.
- Confirm the exchange URL is correct in the
manifest.yml
file.
For 1., I’ve confirmed and re-confirmed that I have the secret set appropriately.
For 2., I can see from Discord’s OAuth2 URLs documentation that the token
URL is:
https://discord.com/api/oauth2/token
The relevant parts of my manifest.yml
are as follows:
providers:
auth:
- key: discord
name: Discord
scopes:
- 'identify'
- 'email'
type: oauth2
clientId: '908442509259178044'
remotes:
- discord-oauth
bearerMethod: form-encoded
actions:
authorization:
remote: discord-oauth
path: /oauth2/authorize
exchange:
remote: discord-oauth
path: /oauth2/token
resolvers:
accessTokenExpires: expires_in
revokeToken:
remote: discord-oauth
path: /oauth2/token/revoke
retrieveProfile:
remote: discord-oauth
path: /me
resolvers:
id: id
displayName: username
remotes:
- key: discord-oauth
baseUrl: https://discord.com/api
external:
fetch:
backend:
- 'https://discord.com/api'
So I’m leading myself to believe that I have the exchange URL constructed properly…
Any thoughts on what else I could be missing? It is really hard to debug what could be going wrong because I don’t have any sense of what is going on under the hood. It would be nice if I could really noisy errors while I was in development mode.
Below are some other things I’m expanding on to make sure my understanding of the setup is correct
Discord’s Access Token Response shows a payload:
{
"access_token": "6qrZcUqja7812RVdnEKjpzOL4CvHBFG",
"token_type": "Bearer",
"expires_in": 604800,
"refresh_token": "D43f5y0ahjqew82jZ4NViEr2YafMKhue",
"scope": "identify"
}
Since the default for accessTokenExpires
is expires
, I’ve changed the resolver to look for expires_in
:
exchange:
remote: discord-oauth
path: /oauth2/token
resolvers:
accessTokenExpires: expires_in