App Id or redirect_uri does not match authorization code.
Since I'm quite the noob with OAuth and App development, I guess the mistake (as most of the time) is on my side. My App has a button (Log In) that directs the user towards a webview where he, via OAuth, logs in at the Misfit API (https://build.misfit.com/). Once he agrees to share his Misfit data with my App, the webview wants to redirect him to my redirect_uri, but I always get the aforementioned error message. Here is the code for the OAuthActivity:
    import android.app.Activity;
    import android.content.Context;
    import android.content.SharedPreferences;
    import android.graphics.Bitmap;
    import android.os.Bundle;
    import android.webkit.WebView;
    import android.webkit.WebViewClient;

    public class OAuthActivity extends Activity {
        public static String OAUTH_URL = "https://api.misfitwearables.com/auth/dialog/authorize";
        public static String OAUTH_ACCESS_TOKEN_URL = "https://api.misfitwearables.com/auth/tokens/exchange";
        public static String CLIENT_ID = "ID";
        public static String CLIENT_SECRET = "Secret";
        public static String CALLBACK_URL = "http://iss.uni-saarland.de/";
        public static String SCOPE = "public,birthday,email,tracking,session,sleeps";

        @Override
        public void onCreate(Bundle savedInstanceState) {
            super.onCreate(savedInstanceState);
            setContentView(R.layout.activity_auth_o);
            String url = OAUTH_URL + "?response_type=code" + "&client_id=" + CLIENT_ID + "&redirect_uri=" + CALLBACK_URL + "&scope=" + SCOPE;
            WebView webview = (WebView) findViewById(R.id.webview);
            webview.getSettings().setJavaScriptEnabled(true);
            final SharedPreferences prefs = this.getSharedPreferences(
                    "com.iss_fitness.myapplication", Context.MODE_PRIVATE);
            webview.setWebViewClient(new WebViewClient() {
                @Override
                public void onPageStarted(WebView view, String url, Bitmap favicon) {
                    String accessTokenFragment = "access_token=";
                    String accessCodeFragment = "code=";
                    // We hijack the GET request to extract the OAuth parameters
                    if (url.contains(accessTokenFragment)) {
                        // the GET request contains directly the token
                        String accessToken = url.substring(url.indexOf(accessTokenFragment));
                        // apply() writes the edit; edit() alone stores nothing
                        prefs.edit().putString("Token", accessToken).apply();
                    } else if (url.contains(accessCodeFragment)) {
                        // the GET request contains an authorization code
                        String accessCode = url.substring(url.indexOf(accessCodeFragment));
                        prefs.edit().putString("Code", accessCode).apply();
                        String query = "grant_type=authorization_code" + "&client_id=" + CLIENT_ID + "&client_secret=" + CLIENT_SECRET + "&code=" + accessCode + "&redirect_uri=" + CALLBACK_URL;
                        view.postUrl(OAUTH_ACCESS_TOKEN_URL, query.getBytes());
                    }
                }
            });
            webview.loadUrl(url);
        }
    }
I know this is somehow supposed to hijack the authorization URL to get the access code, and if that is not available, try to get the token. Some people propose to interrupt the activity before it wants to take me to my redirect_uri, but I have no idea how I should do that.
Additional information based on answers:
- The registered redirect URI in the Misfit Application Settings is the redirect URI I am using in my code.
- I built an Intent handler for my application to start its main activity when the redirect URI is called.
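An added example, not part of the original post: the posted handler takes `url.substring(url.indexOf("code="))`, so the value it sends back still starts with `code=` and includes anything that follows it, and it concatenates `redirect_uri` unencoded. The plain-Java sketch below accepts a code only from the registered callback, extracts the bare value, and URL-encodes every field of the form body that `postUrl` would send. The class and method names are hypothetical, the sample redirect is constructed, and it assumes Java 10+ for the `Charset` overloads of `URLEncoder`/`URLDecoder`.

```java
import java.net.URI;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;

public class RedirectParser {
    // Same redirect_uri the post registers and sends in the authorize request.
    static final URI CALLBACK = URI.create("http://iss.uni-saarland.de/");

    /** Returns the decoded `code` value, or null when url is not the registered callback. */
    static String extractCode(String url) {
        URI u;
        try { u = URI.create(url); } catch (IllegalArgumentException e) { return null; }
        // Match scheme, host, port and path exactly instead of url.contains("code=").
        if (!CALLBACK.getScheme().equalsIgnoreCase(u.getScheme())
                || !CALLBACK.getHost().equalsIgnoreCase(u.getHost())
                || CALLBACK.getPort() != u.getPort()
                || !CALLBACK.getPath().equals(u.getPath())
                || u.getRawQuery() == null) {
            return null;
        }
        for (String pair : u.getRawQuery().split("&")) {
            int eq = pair.indexOf('=');
            if (eq > 0 && pair.substring(0, eq).equals("code")) {
                return URLDecoder.decode(pair.substring(eq + 1), StandardCharsets.UTF_8);
            }
        }
        return null;
    }

    /** Builds the application/x-www-form-urlencoded body, encoding every value. */
    static String tokenRequestBody(String clientId, String clientSecret, String code) {
        String[][] params = {
            {"grant_type", "authorization_code"}, {"client_id", clientId},
            {"client_secret", clientSecret}, {"code", code},
            {"redirect_uri", CALLBACK.toString()},
        };
        StringBuilder sb = new StringBuilder();
        for (String[] p : params) {
            if (sb.length() > 0) sb.append('&');
            sb.append(p[0]).append('=').append(URLEncoder.encode(p[1], StandardCharsets.UTF_8));
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed sample redirect; the code value is made up.
        String code = extractCode("http://iss.uni-saarland.de/?code=abc%2F123&foo=1");
        System.out.println(tokenRequestBody("ID", "Secret", code));
        System.out.println(extractCode("http://example.invalid/?code=abc"));
    }
}
```

In a WebView, the same check belongs in the client callback that sees the redirect, and the token request is better sent from ordinary HTTP code than by navigating the WebView to the token endpoint with the client secret in the body.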
==========================================
IN REST CLIENT I GOT THE SAME >>>>

POST: https://api.misfitwearables.com/auth/tokens/exchange

REQUEST:

    {
        "grant_type":"authorization_code",
        "code":{{USER CODE FROM AUTH}},
        "redirect_uri":"SAME REDIRECT_URI AS IN AUTH",
        "client_id":{{my app id}},
        "client_secret":{{my app secret}}
    }

RESPONSE:

    {
        "error": "invalid_grant",
        "error_description": "App Id or redirect_uri does not match authorization code"
    }