Getting an error when trying to exchange my authorization code for an access token

I’m setting up OAuth 2.0 3LO auth as described in your docs here:

and I’ve reached the “2. Exchange authorization code for access token” section, but when I attempt to exchange the Authorization Code that Jira has provided me for an Access Token I get the following response:

   "error": "invalid_grant",
   "error_description": "Invalid authorization code"

I have even tried doing a request outside of my code using Insomnia and CURL and the results are the same. Below is an example of the CURL request:

curl --request POST \
--url \
--header 'Content-Type: application/json' \
--data '{
"grant_type": "authorization_code",
"client_id": "gm6mvItwMtf4ihNh3cUpQODc29xI08w3",
"client_secret": "some-secret",
"code": "ihgcFCpM0gnA7XLf",
"redirect_uri": "mysite.fake/webhooks/36c3a858c298438523423a3223981/v1"

(Please note that the “redirect_uri” above actually has https before the URL, but Atlassian’s helpful policy won’t allow me to include more than 1 link in my question so I had to pull it out…)

Which generates the same error:

{"error":"invalid_grant","error_description":"Invalid authorization code"}

Any suggestions as to how I might fix or debug this? Thanks for any help

1 Like


There’s nothing obvious in what you’ve shared.

The error description “Invalid authorization code” could be caused if the code “times out”. I can’t find documentation but I think the time out is 15m. Are you performing this flow “by hand”? Could it have taken more than 15m to read the docs and prepare the next request? Also, the authorization code will only work once. Subsequent requests with the same code will fail with that error message. In either case, did you restart the OAuth flow when you got the error or did you reuse the same authorization code?

1 Like

you must pass code_verifier that took from last step (authorize step) into data along with other parameter like code,clinet_id etc.