"status":"BAD_AUTH_CODE","message":"missing or unknown auth code"

Vivek_Shankar_S · ‎Feb 12, 2018

I am trying yo get accesstoken using httpclient using post method but end up with errors. What should i pass for grant_type and what is code parameter can this be a random number , i have given my java code below

List params = new ArrayList();
params.add(new BasicNameValuePair(“client_id”, yamlConfig.getCrmClientId()));
params.add(new BasicNameValuePair(“client_secret”, yamlConfig.getCrmClientSecretKey()));
params.add(new BasicNameValuePair(“grant_type”, grant_type));
params.add(new BasicNameValuePair(“redirect_uri”, redirect_uri));
params.add(new BasicNameValuePair(“code”, “435534535”));
httpPost.setURI(new URI(“https://api.hubapi.com/oauth/v1/token”));
httpPost.setEntity(new UrlEncodedFormEntity(params));
httpPost.setHeader(“Content-Type”, “application/x-www-form-urlencoded”);
HttpResponse response = httpClient.execute(httpPost);
System.out.println(response.getStatusLine());
System.out.println(EntityUtils.toString(response.getEntity()));

Derek_Gervais · ‎Feb 20, 2018

Hi @Vivek_Shankar_Sakrap,

The authorization_code will be included as a query parameter when a user is redirected to the redirect URL. From the article above:

If they grant access, the user would be redirected to this URL:
https://www.example.com/?code=xxxx

You can then grab that code parameter from the redirect page and use it to get access/refresh tokens via the endpoint below:

Get OAuth 2.0 Access Token and Refresh Tokens

POST /oauth/v1/token

cinsulan · ‎Nov 3, 2021

I'm not sure, but I'm guessing that you're not really answering the question Derek_Gervais and I'm also guessing that Vivek_Shankar_S has a similar problem as we have.

In an api to api communication, you can't have users login to HS. The fact that a form is submitted to HS shouldn't be known to the user because it makes the app confusing. I would expect to be able to fully authorize a user with OAuth using pure GET/POST json requests/responses and thus bypassing any HS html page.

I make this call:

POST https://api.hubapi.com/oauth/v1/token
Content-Type: application/x-www-form-urlencoded

grant_type=authorization_code&client_id=<my client id>&client_secret=<my client secret>&redirect_uri=<my redirect which is useless to me>&code=<the code I only know how to get after a user logs in>

The last part of the above params is the problem i.e. the "code" because the user has to "manually" login to HS. This is a show stopper for our application as it's a PWA and we cannot (for useability reasons) venture outside of our domain. The whole process need to be headless communication.

Is that not at all possible?

lachlan · ‎Feb 8, 2022

Bumping this - ran into this exact issue.

BStrange · ‎Oct 11, 2022

Hi @lachlan, when you follow the Installation link from the application and accept the permissions if you sent it to "Local Host" it'll redirect you with a code associated:-

use this code to activate the app.

Derek_Gervais · ‎Feb 13, 2018

Hi @Vivek_Shankar_Sakrap,

grant_type must be set to authorization_code. The code parameter must be the code you receive after a user authorizes your integration:

Vivek_Shankar_S · ‎Feb 13, 2018

url = yamlConfig.getCrmHubspotApiUrlAuthorize();
uri = new URI(url + “?client_id=” + yamlConfig.getCrmClientId() + “&scope=contacts” + “&redirect_uri=”
+ redirect_uri);
httpClient = new DefaultHttpClient();
httpGet = new HttpGet();
httpGet.setURI(uri);
HttpResponse httpResponse = httpClient.execute(httpGet);
InputStream responseContent = httpResponse.getEntity().getContent();
System.out.println(httpResponse.getStatusLine());
System.out.println(EntityUtils.toString(httpResponse.getEntity()));
String accessTokenResult = AppUtil.convertStreamToString(responseContent);
String client_id = yamlConfig.getCrmClientId();
String client_secret = yamlConfig.getCrmClientSecretKey();

		String grant_type = "authorization_code";

I get html code as response from initiating authorization, is authoriztion_code a response coming from initiating authorization

APIs & Integrations