Server returns 403 during Authorization Code Flow

I really can’t figure out what I am doing wrong… I followed the ‘guide on Github’ and came up with

  	String urlParameters =
  			  "client_id=" + URLEncoder.encode(clientid, "UTF-8")
  			+ "&client_secret=" + URLEncoder.encode(secret, "UTF-8")
  			+ "&grant_type=authorization_code&redirect_uri=" + URLEncoder.encode("http://localhost:8000/token", "UTF-8")
  			+ "&code=" + URLEncoder.encode(token, "UTF-8")
  			+ "&state=" + URLEncoder.encode(uuid.replace("-", ""), "UTF-8");
                     	InputStreamReader in = new InputStreamReader(conn.getInputStream());

And I am getting a Server returned HTTP response code: 403 for URL:

at line

InputStreamReader in = new InputStreamReader(conn.getInputStream());

I have dubble checked my Secret / Client-ID etc, can’t spot a mistake in my Code.
Still I can not get it working…
Any ideas?

A 403 typically indicates a bad username/password [or in this case, client id + client secret] (a 403 is a forbidden error code).

Client ID and Client Secret don’t typically need a url encoder, but as it doesn’t contain special characters, that should be a no-op.

&client_secret=[your client secret]
&redirect_uri=[your registered redirect URI]
&code=[code received from redirect URI]
&state=[your provided unique token]```

I'd have to check my implementation, but I'm not sure if token should be url encoded.

Otherwise it looks good, with a general disclaimer that I don't typically work in java.

Provided your redirect url in your application is pointing at 'http://localhost:8000/token' that should be ok - but generally redirecting from an https endpoint (twitch auth) to an http endpoint (your local server) is a no-no, but shouldn't be deal breaking.

Have you tried a HttpsUrlConnection object instead of just Http?

I am allready using one! see this line
conn = (HttpURLConnection) url.openConnection();

I have dubble checked my client-ID and client-Secret, they were correct… I’ve resettet my Secret and it worked, weird, but oh well! Thank you anyways :wink:

Glad you figured it out! My suggestion was to use HttpsUrlConnection instead of HttpUrlConnection. Note the extra S. :slight_smile:

Oh yeah, I forgot to put down a s on every single one of them :smiley: replaced, thanks!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.