Google OAuth2: Required parameter is missing: grant_type

node.js authentication oauth-2.0 google-oauth
15,462

As @BenFortune has already mentioned, I was sending GET parameters as a POST request. It's amazing such a trivial thing has gone unnoticed after trying to figure it out for over an hour.

Now, I blame inconsistencies across OAuth providers for this. In the same application I am doing a GET request to Facebook to obtain access_token: https://graph.facebook.com/oauth/access_token. But Google expects a POST request to obtain access_token: https://accounts.google.com/o/oauth2/token

Correct version:

  var url = 'https://accounts.google.com/o/oauth2/token';
  var payload = {
    grant_type: 'authorization_code',
    code: req.body.code,
    client_id: req.body.clientId,
    client_secret: 'HIDDEN',
    redirect_uri: req.body.redirectUri
  };

  request.post(url, { form: payload }, function(error, response, body) {
    console.log(body);
  });
Share:
15,462
Sahat Yalkabov
Author by

Sahat Yalkabov

Updated on June 22, 2022

Comments

  • Sahat Yalkabov
    Sahat Yalkabov almost 2 years

    I have tried just about everything, read every StackOverflow post on this issue but I still can't get it to work. Interestingly enough, I am able to get 200 OK response when sending a POST request via DHC REST API Client (Google Chrome app). 

      var url = 'https://accounts.google.com/o/oauth2/token';
  var params = querystring.stringify({
    grant_type: 'authorization_code',
    code: req.body.code,
    client_id: req.body.clientId,
    client_secret: 'HIDDEN',
    redirect_uri: req.body.redirectUri
  });
  params = querystring.unescape(params); // doesn't work with or without string escaping

  request.post(url + '?' + params, function(error, response, body) {
    console.log(body);
  });

    enter image description here

    enter image description here

  • Javi
    Javi over 8 years
    Hi, I'm facing the same error. I tried what you did and I receive this error: XMLHttpRequest cannot load https://accounts.google.com/o/oauth2/token. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:63342' is therefore not allowed access. The response had HTTP status code 400.
  • Choletski
    Choletski over 7 years
    omg, fu*ing postman, I was inserting url params instead of POST params...

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Passport-js How to create a custom strategy
flutter_web_auth doesn't redirect from WebView to the app after authorizing the access to my data in Flutter
How to use nativeclient redirect URI when authenticating with Microsoft Azure?
Google Sign-In: backend verification
POSTMAN, OAuth2 and Google Directory API
Get access token on server side javascript (nodejs) using google authorization code received from client side
How to OAuth 2.0 with Retrofit Android
Unable to refresh OAuth2 token in PHP, invalid grant
Node.js and Passport Object has no method validPassword
How should I store a token generated by a RESTful API?