Production: Authorization code not found for app

Hi team,

I’m trying to obtain the seller access token so my application can create the order on behalf of them.

Everything is good, Square is able to call my callback URL along with all the data:

{"code":"sq0cgp-ABC","response_type":"code","state":"XYZ"}

Then, in my application code, I try to call the squareClient.oAuthApi.obtainToken() method to get the seller access token as follows:


const {result} = await oauthInstance.obtainToken({
   code: JSON.stringify(code-from-Square),
   clientId: "sq0idp-RZoN38Lon7K1D7vGzyH_Ig",
   clientSecret: "my-production-secret-key",
   grantType: "authorization_code",
});

But I always get this error:

{"message":"Authorization code not found for app [sq0idp-RZoN38Lon7K1D7vGzyH_Ig]","type":"service.not_authorized"}

One example of authorize requests:

https://connect.squareup.com/oauth2/authorize?client_id=sq0idp-RZoN38Lon7K1D7vGzyH_Ig&response_type=code&scope=MERCHANT_PROFILE_READ+PAYMENTS_WRITE_ADDITIONAL_RECIPIENTS+PAYMENTS_WRITE+PAYMENTS_READ+ORDERS_WRITE+ORDERS_READ&state=a8a210f751a794dea60efffc6581e1e8

And, if I try the obtain token API in Square API Explorer with the same parameter values, it works and gives me the access token.

Could you help me to figure out what I’m missing?

:wave: I just tested the link you provided and it successfully authorized my account. Were you able to figure out the issue? :slightly_smiling_face:

Hi,

Your [One example of authorize requests:] looks fine but your call of [await oauthInstance.obtainToken] is very different from your [One example of authorize requests:].

I am not very sure of your call of await oauthInstance.obtainToken() because I am not sure if you got the correct [code] by calling JSON.stringify(code-from-Square). [code] must be available from your callback or OAuthRedirect page so you don’t have to call JSON.stringify() again. In JavaScript you could use <%=Session["code"] %> where Session["code"] is set as in your page by context.Request.QueryString["code"];

Here is how I get the [code] from the ‘callback url page / OAuthRedirect page’ in ASP.net.

authorizationCode = context.Request.QueryString["code"];

Now using this [code],

ObtainTokenRequest body = new ObtainTokenRequest.Builder(
        this.applicationId,
        this.applicationSecret,
        "authorization_code")
    .Code(authorizationCode) // <== This is the [code].
    .Scopes(bodyScopes)
    .Build();

// bodyScopes = List of strings. Authorized scopes for merchant. You are missing this.

IOAuthApi oAuthApi = client.OAuthApi;
Task t = oAuthApi.ObtainTokenAsync(body); // or ObtainToken()

Your ObtainToken() method is missing the ‘Scopes’ list of strings, such as {"DEVICE_CREDENTIAL_MANAGEMENT", "MERCHANT_PROFILE_READ", "PAYMENTS_WRITE_ADDITIONAL_RECIPIENTS", "PAYMENTS_WRITE", "PAYMENTS_READ"}.

Refer to API Reference.

Let me know if you have resolved this problem or not. I am a developer also. Always welcome more knowledge, and want to know more.

Thanks.

Hi Bryan, it’s successful because I changed the call-back URL to my old backend.
My issue happens when I’m setting up a new backend for my application.
Everything is good with the old backend. I compared those projects but couldn’t figure out what I’m missing for the new one.

Thanks for your comment, let me try.

Hi Brian, thank you so much for pointing out the issue.
I updated my code as:

code: code+"", // I use Typescript so need to ensure it's string here, that's why I used JSON.stringify() before

and everything is working well now.

So glad to see you resolved the issue.
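
The fix this thread arrives at, as an added example that is not part of the original posts or of Square's SDK: the callback's code is checked and passed through unchanged, since JSON.stringify on a string adds two literal quote characters to the value. The function names and the sample query object are assumptions constructed for illustration; the request field names are the ones used in the original post.

```javascript
// Added example; function names are hypothetical, not part of Square's SDK.

// Constructed sample: parsed callback query shaped like the one in the thread.
const sampleCallback = { code: "sq0cgp-ABC", response_type: "code", state: "XYZ" };

// Compare the returned state with the one issued, without an early exit on mismatch.
function safeEqual(a, b) {
  if (typeof a !== "string" || typeof b !== "string" || a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// What the original call sent: JSON.stringify on a string adds literal quotes.
function stringifiedCode(code) {
  return JSON.stringify(code);
}

// Return the authorization code exactly as the callback delivered it, or throw.
function extractAuthorizationCode(query, expectedState) {
  if (!safeEqual(query.state, expectedState)) throw new Error("state mismatch");
  const raw = query.code;
  // Query parsers can yield string, string[] or undefined; accept one string only.
  if (typeof raw !== "string" || raw.length === 0) {
    throw new Error("missing or repeated code parameter");
  }
  // Surrounding quotes mean the value was serialized somewhere upstream.
  if (/^".*"$/.test(raw)) throw new Error("code is JSON-quoted");
  return raw;
}

// Build the obtainToken() body with the field names used in the original post.
function buildObtainTokenRequest(query, expectedState, clientId, clientSecret) {
  return {
    code: extractAuthorizationCode(query, expectedState),
    clientId,
    clientSecret,
    grantType: "authorization_code",
  };
}
```

Here expectedState is the value the backend stored when it built the authorize URL, and clientSecret is expected to come from server-side configuration rather than source code.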