Missing required parameter: code_verifier

Hi all,

I can absolutely not wrap my head around this problem. So I’ve implemented the OAuth2 flow for 3 different environments for my application: local, acceptance and production.

For local and production everything seems to be working fine, however, for my acceptance environment I keep getting the following error: Missing required parameter: code_verifier.

The redirect URI and the environment type for the Calendly Integration app have been set accordingly. I’ve even played switched the environment setting for the Calendly app from Sandbox to Production and vice versa, but no success.

The only difference between production and acceptance is the redirect URI, where the production domain is on app.example.com and the acceptance is on app-acc.example.com

I just cannot understand why this error appears for one environment and not the other. I need some insight here….

Page 1 / 1

@Omnika25034 - What “kind of app” do you have selected in your OAuth settings? Web or native?

If the type is “native” (client side app), you’ll need to generate a code challenge query parameter in the oauth url.

See example here:

https://github.com/tcampb/calendly-webhooks-ui/blob/fa9f5a0949ae5129836d4eff3681068b4a31b403/src/components/Login.jsx#L18

Hey thank you for your reply.

The type os set to Web.

@Omnika25034 - are you able to share the code examples you are using to generate the oauth url and request the auth token (with client credentials hidden)?

As much as I’d like to, this error is thrown only specifially when I configure app-acc.example.com as redirect URI in the Calendly app settings. Of course I have made sure this is the same url set on my server. I’m just dumbfounded that no issues arise when I use localhost (Sandbox env) or when I use app.example.com (Production). As soon as I configure app-acc.example.com the OAuth flow doesn’t succeed and I am left with the error: Missing required parameter: code_verifier.

Why does this specifically happen for the app-acc subdomain?

What content type are you sending the request as, json or url encoded? Im wondering if the “-“ in your redirect url is not being properly encoded.

Thank you for your reply.

I’m using Python in the backend and the httpx library to make the request. The required parameters are set in the data argument when making a post request, so it’s an application/x-www-form-urlencoded request.

Thanks for the additional details. Executing the Python code below with your redirect URI worked as expected; I was unable to reproduce the error. I would recommend creating a brand new app in the developer portal for the redirect uri that includes a “-”. If that doesn’t work, then I would reach out to support+developer@calendly.com with this information. They’ll be able to look at the logs to better understand why the request is failing.

----------

import httpx

url = "https://auth.calendly.com/oauth/token"

data = {"code": "CODE", "grant_type": "authorization_code", "redirect_uri": "https://app-acc.example.com"}

auth = httpx.BasicAuth("CLIENT_ID", "CLIENT_SECRET")

response = httpx.post(url, data=data, auth=auth)

print(response.status_code)

print(response.json())

Sign up

Not a Calendly user yet? Head on over to Calendly.com to get started before logging into the community.

Login to the community

Not a Calendly user yet? Head on over to Calendly.com to get started before logging into the community.

Scanning file for viruses.

This file cannot be downloaded