Can't Get OAuth 2.0 Access/Refresh Tokens (VB)



(Apologies if this is in the wrong category.)

I am trying to get the Access Token and Refresh Token for the first time using the method found here in Visual Basic:

Private Shared Function GetOAuthAccessAndRefreshTokens() As String
    Dim strResp As String = ""
        Dim grantType As String = "authorization_code"
        Dim redirectURI As String = ""
        Dim postData As String = "grant_type=authorization_code&client_id=" & HubClientID & "&client_secret=" & ClientSecret & "&redirect_uri=" & redirectURI & "&code=" & authorizationCode
        Dim byteReq() As Byte = Encoding.UTF8.GetBytes(postData)
        Dim objReq As WebRequest = WebRequest.Create("")
        objReq.Method = "POST"
        objReq.ContentLength = byteReq.Length
        objReq.ContentType = "application/x-www-form-urlencoded"
        Dim OutStream As IO.Stream = objReq.GetRequestStream()
        OutStream.Write(byteReq, 0, byteReq.Length)

        Dim objResp As WebResponse = objReq.GetResponse() 'This is where it keeps erroring out with a 400 response.

        Dim sr As New IO.StreamReader(objResp.GetResponseStream(), Encoding.UTF8, True)
        strResp = sr.ReadToEnd()
    Catch ex As System.Net.WebException
        Throw New ArgumentException("Error SendRequest: " + ex.Message + " " + ex.Source)
    End Try
    Return strResp
End Function

I have the client ID, client secret, and authorization code saved in private shared global variables, and the redirect URI here is the same one I used when I first authorized my app. I have checked and am confident that these values are inserted into the strings correctly.

Whenever I run this, I get an error thrown at the line denoted with the comment; everything before this line runs correctly. I have tried countless variations with both versions of postData but nothing is working. I feel like there is something simple that i am missing but i have no idea what.

EDIT: Figured I should mention some of the variations i’ve tried:

  • Including/excluding ;charset=“utf-8” from the end of the ContentType string
  • Including/excluding the closing forward-slash on both the post URL and the redirectURI
  • formatting postData as a JSON object and using ContentType of “application/json”


Hi @dyancey

Are you logging the body of that error response? Nothing jumps out from your code or the data you’re using, but you should see more details in the error message in that response.


the error message is “The remote server returned an error: (400) Bad Request.” This seems to be the default error message, as indicated by the API page for getting the access and refresh tokens.

Edit: @dadams, realized I didn’t tag you.


I discovered the issue-- my authentication code was expired. I regenerated it and finally got this post request working.


Glad to hear that @dyancey. In addition to expiring, codes can only be used once, so you’ll need to authorize the app again if you already used a code to generate a token previously.

Also, for the error, you’d need to record the content of the response, which won’t normally be included if you’re just logging the error for the request.


I’ve been searching for a working OAUTH 2.0 sample for 2 days. This one worked.

I’m using it with yahoo, so the only difference is the called URL: