I want to get an Miro access token programmatically in my application and for that I am following all the steps mentioned in document https://developers.miro.com/docs/getting-started-with-oauth - Getting started with OAuth 2.0 and Miro. While performing step no.3, i.e. exchanging an authorization code for an access token, I constantly get 401 - oauthError - Invalid authorization code: auth_code received in step no.2.
Miro oauth api throws error 401 Invalid authorization code
Hi
Odd that you’re running into this, hopefully we can figure out what is going on!
Are you able to share with me any code snippets or samples that you are using? Or are you trying to run these commands from a terminal?
Additionally, can you verify you have the correct clientID, clientSecret, and redirectURI filled in in your app’s settings (https://miro.com/app/settings/user-profile/apps)?
I have the correct clientID, clientSecret, and redirectURI filled in in your app’s settings .
Below is the HTML code -
<button mat-flat-button color="accent" (click)="generateAuthLink()">Click to generate Miro authorization request link</button>
<label></label>
Hi
I’m not able to fully debug what is happening with the code snippet sent - are you able to share a full project?
I have no option to send a zip file and code attachment is not working either. It failed multiple times to attach typescript code.
Angular component and service code - https://codeshare.io/AdJOYe
It gives 401 in getAccessToken method call of service hence not able to get access token to call Miro APIs.
Thanks for sharing the code -
Can you help me debug something else? The code variable you have declared/used in the getAccessToken call - What does this evaluate to?
Can you log this somewhere and let me know?
Hi
getAccessToken function in service gets called from getAccessToken in miro test component’s getAccessToken method and it passes OAuth 2.0 authorization code received from miro api after user installs and authorizes - https://miro.com/oauth/authorize?response_type=code &client_id={your_client_id} &redirect_uri={your_redirect_uri}
{
"status": 401,
"code": "oauthError",
"message": "Invalid refresh token: <refresh_token>",
"type": "error"
}
If you regenerate the access token, you’re also regenerating the refresh token as well
Hi
{
"token_type": "bearer",
"team_id": 3074457358607431700,
"access_token": "<access_token>",
"refresh_token": "<refresh_token>",
"scope": "boards:write boards:read identity:read",
"expires_in": 3599
}
So are you saying when I do this the refresh_token won’t update as opposed to calling the API everytime for getting the access_token ? as it is supposed to stay the same for 60 days.
So, every time you request a new access token you receive a new access_token and refresh_token pair.
The refresh token is indeed valid for much longer than the access token it’s paired with, but if you request a new access token, the refresh token will also be updated/changed, and the old one will become invalid
Okay I get it, then what is the point of mentioning in the docs that the refresh_token does not expire until 60 days are up? is there another context that this feature can be used in?
Yes - The token is valid for 60 days, in cases where the access token is not regenerated, you have a window of 60 days to use this refresh token to get a new access_token
This can be done without needing the user to “sign back in”
In cases where they are expired after 60 days, the signin/auth process will need to be initiated again
Okay I think I get it now. Thank you for clarifying this.
I was not able to get access token even a single time after exchanging authorization code step.
Hi
I faced another issue with the refresh_token, So my colleague who had not used the App for 2 days just opened the app and got the same error:
{
"status": 401,
"code": "oauthError",
"message": "Invalid refresh token: <refresh_token>",
"type": "error"
}
So we had to do some changes in the backend, to enable the authorization procedure to start again so we have a new access_token-refresh_token pair. Seemed like the refresh_token expired just after a few hours.
Can you log the value to make sure it’s passing it in correctly?
I am running into 401 continuously.
I called those API calls manually i.e. calling ‘https://api.miro.com/v1/oauth/token ?grant_type=authorization_code’ api in step 3 passing all correct parameters including the returned AUTHORIZATION_CODE from step 2 in the Miro document. PFA.
Hi
Have you taken a look at our written guide and our YouTube video? This might help you understand the authorization works and how to implement it.
Hi,
I am facing the same issue as
Reply
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.