oauth2-playground

Oauth2 Playground exchange authorization code for token: 400 error


I've been following a basic OAuth 2.0 tutorial to create an OAuth 2.0 server. That whole part worked fine, but when I tried to play around with it in the Google OAuth2 playground following this page I'm getting some errors.

I've followed all the steps as they are in the above link except I used http://localhost/wordpress/authorize.php?state=xyz as my authorization endpoint because otherwise I would get an error saying that state was required and I didn't want to edit any code yet.

Now, everything seems to work fine with authorizing the APIs. I'm directed to my localhost site and when I authorize the request I am returned to the OAuth2 Playground. When I go on to the next step and attempt to exchange the returned authorization code for a token, I am given a 400 error.

The whole request/response is as follows:

POST /wordpress/token.php HTTP/1.1
Host: localhost
Content-length: 191
content-type: application/x-www-form-urlencoded
user-agent: google-oauth-playground

code=6d408c28d468db6586320bff3aacf16492489b67&redirect_uri=https%3A%2F%2Fdevelopers.google.com%2Foauthplayground&client_id=newclient&scope=& client_secret=newpass&grant_type=authorization_code
______________________________________________________________________

HTTP/1.1 400 Bad Request
Content-length: 106
Content-type: text/plain

An error occured while connecting to the server: Unable to fetch URL: http://localhost/wordpress/token.php

This may be a simple error I've made on my end but I can't seem to figure it out. I don't think the code is really a problem because when I do the tests on the tutorial page everything works fine. I also have not edited any of the files from the library the example uses. If needed, I can edit this post to include the code to comply with the rule that links may become inactive.

One thing I noticed about the request was this little bit &scope=&client_secret=newpass&grant_type=authorization_code. It looks like there is no scope parameter set and I was thinking that might be messing up the results.

If anyone has any experience with OAuth or the OAuth2 Playground and could help me figure out where things went wrong I would be really grateful. Also, I apologize for the long question but I wanted to include as much info as I could.


Solution

  • This is happening because you are hosting your OAuth server on a non-accessible network (e.g. localhost). Basically, when the OAuth playground tries to exchange the code for the token, it does so using its own server (not using an XHR on the webpage), and this server does not have access to your machine using the URL http://localhost....

    To test this with the playground you need to make your OAuth 2.0 server reachable with a public URL or IP address. What you can do instead is expose your local service to the outside/internet. For this you can use services such as ngrok or localtunnel and you'll get a public URL to your local service which you'll be able to set up the Playground with.
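As an added illustration of the answer's point (this is example code, not part of the question, the answer, or the tutorial's library): the Playground's back end posts the code exchange to the token endpoint from its own server, so a quick pre-flight check is whether the configured endpoint host is something a remote server could even connect to. The script below rejects loopback and private hosts, and also parses the exact form body quoted in the question to show that the empty `scope=` is not what broke the exchange: the `authorization_code` grant only needs `grant_type`, `code`, `redirect_uri` and `client_id` (RFC 6749 section 4.1.3). The `tunnel.example.com` host is a placeholder standing in for whatever public URL ngrok or localtunnel hands out.

```python
"""Pre-flight checks for an OAuth 2.0 token endpoint before pointing a hosted
tool such as the OAuth2 Playground at it. Added example; the URLs and the
form body are the ones quoted in the question, the tunnel host is made up."""
import ipaddress
from urllib.parse import parse_qs, urlsplit

# Names that only ever resolve to the machine itself. A remote server posting
# the code exchange to one of these hits its own loopback, never the dev box.
LOOPBACK_NAMES = {"localhost", "localhost.localdomain"}


def is_reachable_from_internet(url: str) -> bool:
    """True only if the URL's host is a public name or address that a third-party
    server could connect to. Loopback, link-local and RFC 1918 hosts are rejected,
    which is exactly why http://localhost/... fails from the Playground."""
    host = urlsplit(url).hostname
    if host is None:
        return False
    host = host.lower()
    if host in LOOPBACK_NAMES or host.endswith(".local"):
        return False
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        # A DNS name rather than a literal address: assume it is public
        # (e.g. the hostname an ngrok or localtunnel session gives you).
        return True
    return addr.is_global


# Parameters the authorization_code grant requires in the token request.
# 'scope' is deliberately absent: it is not part of this request type.
REQUIRED_FOR_CODE_GRANT = ("grant_type", "code", "redirect_uri", "client_id")


def check_token_request(body: str) -> dict:
    """Parse an application/x-www-form-urlencoded token request body and report
    which required parameters are missing or empty."""
    params = {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}
    missing = [p for p in REQUIRED_FOR_CODE_GRANT if not params.get(p)]
    return {
        "grant_type": params.get("grant_type"),
        "scope": params.get("scope"),   # '' here, and that is allowed
        "missing": missing,
        "valid": not missing and params.get("grant_type") == "authorization_code",
    }


# Request body captured in the question (the stray space in the quoted
# request was an artifact; the Playground sends it without one).
PLAYGROUND_BODY = (
    "code=6d408c28d468db6586320bff3aacf16492489b67"
    "&redirect_uri=https%3A%2F%2Fdevelopers.google.com%2Foauthplayground"
    "&client_id=newclient&scope=&client_secret=newpass"
    "&grant_type=authorization_code"
)

if __name__ == "__main__":
    for url in (
        "http://localhost/wordpress/token.php",          # from the question
        "http://127.0.0.1/wordpress/token.php",
        "https://tunnel.example.com/wordpress/token.php",  # placeholder public host
    ):
        print(f"{url}: reachable by a remote server = {is_reachable_from_internet(url)}")
    print(check_token_request(PLAYGROUND_BODY))
```

Run it as-is: the two local URLs come back unreachable while the placeholder tunnel host passes, and the parsed body reports no missing parameters, so the 400 in the question is a connectivity problem, not a malformed request. If a real token endpoint sits behind a tunnel, the same `check_token_request` logic is a reasonable first validation step before the code is looked up.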