Problem with OAuth implementation (error = Oauth error invalid_request: The authorization code was )

New Member
3 0 0

Hello,

I am trying the oauth flow for developing an app for shopify from the instructions given in the link below:
https://help.shopify.com/en/api/getting-started/authentication/oauth

So, in the step 3 when I try to make a 'POST' request to retrieve the access token I am sending all the given parameters i.e(client_id,client_secret) in the request body in json format. But then I am receiving 400 Bad Request. In response it also shows "Oauth error invalid_request: The authorization code was not found or was already used".

Can you please help me with this?

0 Likes
Shopify Staff
Shopify Staff
1555 79 240

Based on what I can see so far, the best I can recommend is to ensure that you've only POSTed with that code once. If you are absolutely certain you have only used the code once, since it's good for one use only, then my next guess without knowing what mechanism you are making the request from is that the code itself is not actually making it into your request (or your request is malformed somehow).

 

It might help me if you could provide an x-request-id response header from a failing request, that will let me check logs and maybe see what might be happening there.

 

Cheers.

0 Likes
New Member
3 0 0

Hello Alex,

 

The issue is resolved now. I am able to retrieve the access token. Thanks for responding to this post. Thank you.


@Alex wrote:

Based on what I can see so far, the best I can recommend is to ensure that you've only POSTed with that code once. If you are absolutely certain you have only used the code once, since it's good for one use only, then my next guess without knowing what mechanism you are making the request from is that the code itself is not actually making it into your request (or your request is malformed somehow).

 

It might help me if you could provide an x-request-id response header from a failing request, that will let me check logs and maybe see what might be happening there.

 

Cheers.


 

0 Likes
Highlighted
New Member
1 0 0

Hi Alex, I'm having the same issue, with some extra advice needed.

 

I am trying to authenticate an app with a shopify store. The first time I attempt to do this, the request for an access token is successful and so are subsequent requests to the shopify api with the access token, but if I make another request for an access token with the same authorization code I receive a 400 response saying the authorization code is missing or has already been used, but the documentation at https://help.shopify.com/en/api/getting-started/authentication/oauth/api-access-modes says that multiple requests with the same authorization code in offline access mode will return the same token, there is no mention of not being able to make more than one request for an access token with the same authorization code.

 

I'm trying to figure out what I need to do with the authorization code obtained when my app is initially installed vs the code received whenever a user visits the app since they both use the same authorization flow.

 

For a bit more context, I used the 'Building a shopify app with node and express' tutorial to build the authorization flow for my app and that works fine. By chance (since I can't find it mentioned in the documentation anywhere) I noticed that every time a user visits the app in their shop admin area, shopify makes another call to my install url and follows the same authorization flow in the background as it does when first installed and retrieves a new authorization code each time (in offline access mode since online is not requested). Is this supposed to happen, and what should I do each time I get a new code (every time a user visits the app) and when should I request an online authorization code?

0 Likes