Error making the /oauth/token request

Hi there,

I’m testing out an OAuth2 integration with Coinbase’s “sign in with Coinbase” API, and I’m currently getting the following error when POSTing for the token:

‘Invalid request. Instead of a GET request, you should be making a POST with valid POST params. For more information, see OAuth2’

Here’s my request, which is a POST and includes all the correct parameters (grant_type, redirect_uri, client_id, client_secret, and code):

POST https://api.coinbase.com/oauth/token
grant_type=authorization_code&redirect_uri=http%3A%2F%2F127.0.0.1%3A5000%2Foauth2%2Fcallback%2Fcoinbase-poc&client_id=[REDACTED]&client_secret=[REDACTED]&code=[REDACTED]

Also should note that the response is coming back as a 404, which is also a little confusing.

I’m currently trying to debug this more on my end, but is there something that I’m missing? Appreciate any insight here!

Hi @ian-ridian, thank you for taking an interest in trying out Coinbase APIs. For the details regarding your inquiry, we will check on this for you with our team to see how we can best assist. We’ll get back to you once we have more information. Keep in touch!

2 Likes

Hello @ian-ridian! Thank you for taking interest in using Coinbase API. We understand that you are having some errors with your OAuth2 Integration.

As a workaround, you may try to follow these steps in integrating the OAuth2 and see if you are still having an error:

  1. You first need to register a new OAuth2 application at https://www.coinbase.com/oauth/applications/new.
  2. Fill out the registration form with accurate information then click Create Application.
  3. Once done, for initial testing, you may click on the sample authorize URL and proceed to the next step. But in actual development, you have to create your own authorization URL with the correct permission (OAuth2 permissions) and scope (Permissions (Scopes)).
  4. Select the proper account you want to give access to, review the permissions, and then click “Authorize”.
  5. You will be directed to your redirect uri with a temporary code. Copy and store the given temporary code.
  6. Exchange this code for an access token by making a POST request to https://api.coinbase.com/oauth/token
  7. You may use the token by passing it as a header when calling out API endpoints (E.g. Authorization → Bearer 6915ab99857fec1e6f2f6c078583756d0c09d7207750baea28dfbc3d4b0f2cb80)

Please also make sure that there is no error in the configuration of your request. Look for typos, whitespaces, or invalid JSON formatting. You can also try double checking the following:

  • The request headers
  • The query parameters
  • The HTTP method

Please note that the access token expires in two hours. Once an access_token has expired, you will need to use the refresh_token to obtain a new access token and a new refresh token. The refresh token never expires but it can only be exchanged once for a new set of access and refresh tokens. If you try to make a call with an expired access token, a 401 response will be returned. For more details on how to integrate your OAuth2 app, you may check this out at this API Documentation.

We hope this helps.

2 Likes
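The code exchange in steps 5 to 7 and the refresh rule in the reply above, as an added Python example that is not part of the original thread and is not Coinbase's own code. It assumes the standard OAuth2 (RFC 6749) refresh grant parameters and response fields (access_token, refresh_token, expires_in); TokenStore, FakeTokenEndpoint, http_send and the 60-second margin are hypothetical choices, and the fake endpoint is constructed so the example runs offline.

```python
import json
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://api.coinbase.com/oauth/token"  # endpoint from step 6

def build_token_request(params):
    """POST with a form-encoded body, so the secret and code never sit in the URL."""
    body = urllib.parse.urlencode(params).encode("ascii")
    return urllib.request.Request(TOKEN_URL, data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})

def http_send(req):
    """Real transport: send the request and parse the JSON reply."""
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class TokenStore:
    """Keeps one access/refresh pair and rotates both when the access token ages out."""
    def __init__(self, client_id, client_secret, send=http_send, now=time.time):
        self.client_id, self.client_secret = client_id, client_secret
        self.send, self.now = send, now
        self.access, self.refresh, self.expires_at = None, None, 0.0
    def _grant(self, grant_type, **fields):
        reply = self.send(build_token_request({"grant_type": grant_type,
            "client_id": self.client_id, "client_secret": self.client_secret, **fields}))
        # The old refresh token is single-use: overwrite both tokens together.
        self.access, self.refresh = reply["access_token"], reply["refresh_token"]
        self.expires_at = self.now() + reply["expires_in"] - 60  # assumed 60 s margin
    def exchange_code(self, code, redirect_uri):
        self._grant("authorization_code", code=code, redirect_uri=redirect_uri)
    def auth_header(self):
        if self.now() >= self.expires_at:  # refresh before the server answers 401
            self._grant("refresh_token", refresh_token=self.refresh)
        return {"Authorization": "Bearer " + self.access}

class FakeTokenEndpoint:
    """Constructed stand-in for the token endpoint so the example runs offline."""
    def __init__(self):
        self.issued, self.valid_refresh = 0, None
    def __call__(self, req):
        form = dict(urllib.parse.parse_qsl(req.data.decode("ascii")))
        if form["grant_type"] == "refresh_token" and form["refresh_token"] != self.valid_refresh:
            raise PermissionError("refresh token was already exchanged")
        self.issued += 1
        self.valid_refresh = "refresh-%d" % self.issued
        return {"access_token": "access-%d" % self.issued,
                "refresh_token": self.valid_refresh, "expires_in": 7200}
```

Persist the new refresh token atomically with the access token; losing it after a successful refresh leaves the client with a spent token and forces a new authorization.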