wohali/oauth2-discord-new

{"error":"invalid_grant","error_description":"Invalid \"code\" in request."}

Closed this issue · 7 comments

LevPrav999 commented

Hello. I use this code:

#[Route("/login", name: "login")]
    public function login(#[MapQueryParameter] ?string $code, ClientRegistry $clientRegistry): JsonResponse
    {
        $token = $clientRegistry->getClient('discord')->getAccessToken([
            'code' => $code
        ])->getToken();

        $user = $clientRegistry->getClient('discord')->getOAuth2Provider()->getResourceOwner($token);
        return new JsonResponse(["ok" => $user]);
    }

But it returns an error: {"error":"invalid_grant","error_description":"Invalid "code" in request."}
How can i fix it?

HayateLaTech commented

the issue arises when the code is used multiple times x3 it's a one-time usage, so once used, it'll get invalidated.
the code snippet you showed doesn't re-use the code so I can only assume you tried reloading the page with the same code?

wohali commented

What @HayateLaTech said is correct. Avoid page reloading, in testing always start from the beginning of the flow.

LevPrav999 commented

Thanks for the answer. However, I don't use page reload anywhere.

I create gist with my code: https://gist.github.com/LevPrav999/02149874b4bd496e6423092e03d5e590
Can you help me with my problem, please?

HayateLaTech commented

Try debugging your application to see where it loops and triggers the

$token = $clientRegistry->getClient('discord')->getAccessToken([
'code' => $code
])->getToken();

part of your code twice.

LevPrav999 commented

I have been debugging applications, there are no cycles. The code is executed once. I may have configured the framework configuration incorrectly. Now I have done there that the token is saved to the session and then taken from it. It works, but this method does not seem to me the best