0

In our application we have a angular frontend app which has Autodesk login for BIM 360 document. After user is logged in frontend we are retrieving 3 legged authorization code from Autodesk and pass it to C# backend where we are using the code to get the access_token and refresh token. We are using this to get the authorization code -

https://developer.api.autodesk.com/authentication/v1/authorize?response_type=code&client_id={client_Id}&redirect_uri={callbakcurl}&scope=data:read

Using this to get access_token from the code -

https://developer.api.autodesk.com/authentication/v1/gettoken

We are getting the below error -

{
  "developerMessage": "The authorization code/refresh token is expired or invalid/redirect_uri must have the same value as in the authorization request.",
  "errorCode": "AUTH-004",
  "more info": "https://forge.autodesk.com/en/docs/oauth/v2/developers_guide/error_handling/"
}

We make sure that our redirect_url is correct/same to get the authorization code and get the access_token. Can anyone help me with how long this authorization code is valid for?

Sumana
  • 51
  • 1
  • 6

1 Answers1

0

A couple of things to check:

  • As @KingJ mentioned already, make sure that your redirect URL is url-encoded; same for the scopes, I believe the : symbol (and spaces if there are multiple scopes) should also be encoded
  • Note that the code you obtain from the first HTTP call is only valid for a very short amount of time (units of seconds); you should make the second HTTP call as soon as you have the code available, otherwise it'll expire
  • What is the body of the 2nd request? Are you setting all the params marked as required in the docs?
Petr Broz
  • 8,891
  • 2
  • 15
  • 24