I have been stuck on this for quite some time. I am doing decoupled OAuth2 for Coinbase and everything is working fine except when I get to the code for token exchange. I have the following lines of code in one of my Rails controllers:
    @coinbase_user_token = HTTParty.post("https://api.coinbase.com/oauth/token/",
      :headers => {"Accept" => "application/json"},
      :query => {
        "grant_type" => "authorization_code",
        "code" => params["code"],
        "client_id" => ENV["COINBASE_KEY"],
        "client_secret" => ENV["COINBASE_SECRET"],
        "redirect_uri" => "http://fuf.me:3000/api/coinbase/token-callback"
      }
    )
Whenever I send this, I get the following response:
    {"error"=>"invalid_grant",
     "error_description"=>"The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client."}
I've also tried changing the request to model the curl request they have on their website:
    @coinbase_user_token = HTTParty.post("https://api.coinbase.com/oauth/token/",
      :headers => {"Accept" => "application/x-www-form-urlencoded"},
      :data => "grant_type=authorization_code&code=" + params["code"] + "&client_id=" + ENV["COINBASE_KEY"] + "&client_secret=" + ENV["COINBASE_SECRET"] + "&redirect_uri=http://fuf.me:3000/api/coinbase/token-callback"
    )
but this results in the same response. Any help on what I might be doing wrong or another approach would be greatly appreciated!