Fetching OAuth access token returns 400 "invalid_grant"

[stevereinvented]

Title: Fetching OAuth access token returns 400 "invalid_grant"

Issue found of: October 16th, 2024

Endpoint(s):

POST secure.soundcloud.com/oauth/token

Scope(s):

Application uses authorization_code workflow for authentication

Steps to reproduce:

After authorizing via https://secure.soundcloud.com/authorize with params:

client_id=[redacted]
redirect_uri=[http:// URL]
response_type=code
code_challenge=[code challenge]
code_challenge_method=S256
state=[random]

…attempt to obtain an Access Token from https://secure.soundcloud.com/oauth/token with:

code=[code received from authorize]
client_id=[redacted]
client_secret=[redacted]
redirect_uri=[http:// URL]
grant_type='authorization_code'
code_verifier=[base 64 string used to create the code_challenge]

Expected behaviour:

The Access Token is returned as per https://developers.soundcloud.com/docs/api/guide#auth-code

Actual behaviour:

400 {"error":"invalid_grant"}

This had been working until last week (the issue was noticed on Oct 16), and there have been no changes on our our side.

If it's of any relevance, the redirect URL registered is http:// not https:// and that is what is passed, but the site is HTTPS now.

[youssefhassan]

Hey @stevereinvented, the redirect Uri is most probably the reason of this error, can you please share your username and app name so I can update the redirect uri for the application?