OAuthV2 Policy unstable with "GrantType=authorization_code"

Hello,

I am developing the authorization code flow with PKCE in Apigee X. While testing today, I noticed an abnormal behavior.

The flow was operational last week, but today I have an error when I call /token in order to exchange the "code" for an "access token".

The error message is as follows:

{"ErrorCode":"invalid_grant","Error":"Invalid authorization code"}

I managed to reproduce the error by following the example described below:

https://cloud.google.com/apigee/docs/api-platform/security/oauth/oauth-v2-policy-authorization-code-grant-type?hl=en#stepsintheauthorizationcodeflow-6edgesendstheauthorizationcodebacktotheclient

I wonder if you have had the same behavior and if you managed to reproduce the same result, or if there was an update on the Apigee side that I don't know about.

Regards,

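As an added example (not code from this thread or from Apigee), here is a small Python model of the authorization code + PKCE exchange the original post describes: the client derives the S256 code_challenge from its code_verifier, and the server-side checks return the thread's invalid_grant error when the consumer app is not registered, the code is replayed or bound to another client or redirect URI, or the verifier does not match. The AuthServer class, the app registry and the redirect URIs are constructed stand-ins, not Apigee's implementation.

```python
import base64
import hashlib
import hmac
import secrets


def make_verifier(nbytes=32):
    # RFC 7636 wants 43..128 unreserved chars; 32 random bytes base64url-encode to 43
    return base64.urlsafe_b64encode(secrets.token_bytes(nbytes)).rstrip(b"=").decode()


def s256_challenge(verifier):
    # code_challenge = BASE64URL(SHA256(code_verifier)) without '=' padding
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


# Same shape as the error body quoted in the original post
INVALID_GRANT = {"ErrorCode": "invalid_grant", "Error": "Invalid authorization code"}


class AuthServer:
    """Constructed model of the checks an OAuthV2-style policy performs (assumption)."""

    def __init__(self, apps):
        self.apps = apps    # client_id -> {"redirect_uris": [...]}: the registered consumer apps
        self.codes = {}     # issued code -> the client, redirect URI and challenge it is bound to

    def authorize(self, client_id, redirect_uri, code_challenge, method="S256"):
        app = self.apps.get(client_id)
        if app is None or redirect_uri not in app["redirect_uris"]:
            return None     # unknown app or unregistered redirect URI: no code issued
        code = secrets.token_urlsafe(24)
        self.codes[code] = {"client_id": client_id, "redirect_uri": redirect_uri,
                            "challenge": code_challenge, "method": method}
        return code

    def token(self, client_id, code, redirect_uri, code_verifier):
        rec = self.codes.pop(code, None)    # single use: a replayed code is rejected
        if rec is None or client_id not in self.apps:
            return INVALID_GRANT
        if rec["client_id"] != client_id or rec["redirect_uri"] != redirect_uri:
            return INVALID_GRANT
        expected = s256_challenge(code_verifier) if rec["method"] == "S256" else code_verifier
        if not hmac.compare_digest(expected, rec["challenge"]):
            return INVALID_GRANT
        return {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer"}


def run_flow(server, client_id, redirect_uri, tamper_verifier=False):
    # Client side: challenge goes with /authorize, the verifier goes with /token
    verifier = make_verifier()
    code = server.authorize(client_id, redirect_uri, s256_challenge(verifier))
    if code is None:
        return INVALID_GRANT
    sent = make_verifier() if tamper_verifier else verifier
    return server.token(client_id, code, redirect_uri, sent)
```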

I've never seen that. I suppose you're doing something .. special.

Here's a screencast I did some time ago that covers this flow. And here is the source code repo.

Here is the helper webpage that I mentioned in the screencast. You should be able to use this with your own OAuth2/PKCE endpoint, even if you don't use my configuration.

I identified the problem. Basically, the consumer application is no longer recognized by the OAuthV2 policy. I tested with an old one and it worked.

When I created a new application via the Apigee web tool or the Apigee API, I reproduced the error.

POST https://apigee.googleapis.com/v1/{parent=organizations/*/developers/*}/apps


Good effort reproducing the problem. It sounds like a bug, from what you are describing. At this point, I suggest that you connect with Apigee support to report this problem.