Getting a 3-Legged Token with Authorization Code Grant

Question

I am currently trying to complete this step by step tutorial which is based on Getting a 3-Legged Token with Authorization Code Grant

here is my cURL code:

curl -v "https://developer.api.autodesk.com/authentication/v1/gettoken" 
-X POST 
-H "Content-Type:application/x-www-form-urlencoded" 
-d "client_id=****&
    client_secret=****&
    grant_type=authorization_code&
    code=1O4F-z9gXRtGlBymcGoD3bV3Ws2cqqjeN78PpgGn&
    redirect_uri=http://localhost:3000/api/forge/callback/oauth"

here is the error I am stuck with:

{"developerMessage":"The authorization code/refresh token is expired or 
invalid/redirect_uri must have the same value as in the authorization 
request.","userMessage":"","errorCode":"AUTH-004","more 
info":"http://developer.api.autodesk.com/documentation/v1/errors/AUTH-004"}* 
Connection #0 to host developer.api.autodesk.com left intact

Note:

• I have double checked that the URI is the same as my callback URL on the forge application.
• The spacing on the cURL code is simply for visual reasons, this is not how it is ran within my command line.

Answer 1

I think what's going on is that the code you get after the user logs in has an extremely short expiration time. After all, the POST /authentication/v1/gettoken endpoint is meant to be called immediately after the user logs in.

Btw. I went through the same steps, and since it took me a while to create a Postman request with the code I received, I ended up with the same error as you. Then, when I requested another code and immediately re-sent the Postman request, it succeeded.