
Hello Calendly Developer Community,

I'm currently working on integrating Calendly into our Node.js/Express application to allow users to manage their appointments. I have successfully directed users to the authorization URL, and they can authorize the application successfully. However, I am encountering an issue during the OAuth token exchange phase.

Process Overview:

  1. User Authorization: Users are redirected to the following URL to authorize:

    https://auth.calendly.com/oauth/authorize?client_id=YOUR_CLIENT_ID&redirect_uri=YOUR_ENCODED_REDIRECT_URI&response_type=code

    Upon successful authorization, they are redirected back with an authorization code.

  2. Authorization Code Example:

    Code received: qc_wV5N-WYdM8ROY-xZJRVwQUp2nx_mY3ONn1i3Yb_Q

  3. Token Exchange Request: I then make a POST request to exchange the authorization code for an access token:

    curl --request POST \
      --url https://auth.calendly.com/oauth/token \
      --header 'Content-Type: application/x-www-form-urlencoded' \
      --data-urlencode 'grant_type=authorization_code' \
      --data-urlencode 'code=qc_wV5N-WYdM8ROY-xZJRVwQUp2nx_mY3ONn1i3Yb_Q' \
      --data-urlencode 'redirect_uri=https://backend.webboar.com:3000/api/integrations/add/calendly'

Error Received: Upon making the token exchange request, I receive the following error:

{ "error": "invalid_grant", "error_description": "The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client." }

This error occurs even though I am using the same redirect_uri as in the initial authorization request and the code is freshly received.

Could anyone suggest what might be going wrong or how to debug this issue further? Any insights or similar experiences shared would be greatly appreciated. I am using Node.js/Express and handling the OAuth flow manually, as well as attempting to use the simple-oauth2 library for managing OAuth flows.

Thank you for any help you can provide!

Hi Eugene,

Thanks for reaching out!

I took a look at the error and this is referring to the grant being used as invalid. I see you have grant_type = authorization_code as expected, but can you be sure this is in the body of the request?

Also, can you be sure that the authorization code is valid, or try to generate another to send over with the grant?

Thank you!


Process Overview:

User Authorization: Users are redirected to the following URL to authorize:

https://auth.calendly.com/oauth/authorize?client_id=YOUR_CLIENT_ID&redirect_uri=YOUR_ENCODED_REDIRECT_URI&response_type=code

Upon successful authorization, they are redirected back with an authorization code.

Authorization Code Example:

Code received: mRHPuq-kywcxyz6AD3cKgG0it8vzSkuQIJ8OtDkPkUs

Token Exchange Request: I then make a POST request to exchange the authorization code for an access token:

curl --location 'https://auth.calendly.com/oauth/token' \
--header 'Authorization: Basic ZHFreW9ncGJES1VIWmRRaDdEWFUxRHdTZmVwbl9WNVptN1JDazlqSmh0STpnUkIxbHVmeGtaUWpTd29RN0ZNdmZTbXBoMGt2UDJUZjRVbnMwajMzU0xN' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Cookie: __cf_bm=iRrCgJV2HhSyp9iJZbEkH18n_BNITlmDz7kU2zkfw0I-1720599144-1.0.1.1-soOHNn03lVAJ4HBWJT2lGGmp4ovzxzFLzqUr1ht1cOSA45Aw7qUgCkmjtrQUCtesAJ0D.XM6oblM54Q1vi5_Ig; __cfruid=079e4565a29339b59d8acd8479c9fd1837999023-1720590508; _cfuvid=DlyFqVkERE_aLZePca75.F3eEAE5iFhnCAJqKRAfO3s-1720590508613-0.0.1.1-604800000' \
--data-urlencode 'grant_type=authorization_code' \
--data-urlencode 'code=mRHPuq-kywcxyz6AD3cKgG0it8vzSkuQIJ8OtDkPkUs' \
--data-urlencode 'redirect_uri=https://atul.ecarter.co/may_setup/'

Error Received: Upon making the token exchange request, I receive the following error:

{
    "error": "invalid_grant",
    "error_description": "The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client."
}


Hi, @Atul61676 I found the solution to this problem.

The problem you are facing means that the `authorization_code` has already been used somewhere else.

Like in my case, I made a GET request using `https://auth.calendly.com/oauth/authorize?client_id={{client_id}}&response_type=code&redirect_uri=http://localhost:3003/oauth/callback`

So this GET request made use of that `authorize_code`, but it was not supposed to return it.

# Solution that worked for me:
I took the GET request and made a request using my browser. The browser didn’t consume the `authorization-code`, but returned it in PARAMS; from there I posted the request for `token_exchange` and it worked well with statusCode 200 OK.


Looks like you’re running into an "invalid_grant" error when trying to exchange the authorization code for an access token. Double-check that the redirect_uri in your token exchange request exactly matches the one used in the initial authorization request. Even small differences can cause issues. Also, make sure the authorization code hasn’t expired or been used already. If everything looks correct but the issue persists, you might want to verify your client ID and secret are properly configured and consider any specific requirements from Calendly’s OAuth documentation.

 

 


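Added example, not part of any post in this thread: a Node.js pre-flight check for the causes the replies above list for `invalid_grant` (grant_type not in the body, a redirect_uri that differs from the authorize request, a code that was already sent once, missing client credentials). The helper names and the in-memory set of sent codes are assumptions made for illustration; sending the client credentials via HTTP Basic follows the second request quoted above.

```javascript
// Added example (not from the thread): pre-flight checks before POSTing to the token endpoint.
const AUTHORIZE = 'https://auth.calendly.com/oauth/authorize';
const TOKEN = 'https://auth.calendly.com/oauth/token';

// Build the authorize URL; URLSearchParams does the percent-encoding.
function buildAuthorizeUrl(clientId, redirectUri) {
  const q = new URLSearchParams({ client_id: clientId, response_type: 'code', redirect_uri: redirectUri });
  return `${AUTHORIZE}?${q}`;
}

// Build the token request: grant fields in the form body, client credentials via HTTP Basic.
function buildTokenRequest(clientId, clientSecret, code, redirectUri) {
  const basic = Buffer.from(`${clientId}:${clientSecret}`).toString('base64');
  return {
    url: TOKEN,
    method: 'POST',
    headers: { 'Content-Type': 'application/x-www-form-urlencoded', Authorization: `Basic ${basic}` },
    body: new URLSearchParams({ grant_type: 'authorization_code', code, redirect_uri: redirectUri }).toString(),
  };
}

// Codes this process has already sent (in-memory; an assumption for the example).
const redeemed = new Set();

// Return a list of problems. An empty list means the request is consistent,
// and the code is then recorded so a second attempt with it is flagged.
function preflight(authorizeUrl, req) {
  const sent = new URLSearchParams(req.body);
  const asked = new URL(authorizeUrl).searchParams;
  const problems = [];
  if (sent.get('grant_type') !== 'authorization_code') problems.push('grant_type not in body');
  // Compare the decoded values exactly: a trailing slash or a different scheme is a mismatch.
  if (sent.get('redirect_uri') !== asked.get('redirect_uri')) problems.push('redirect_uri mismatch');
  const inBody = sent.get('client_id') && sent.get('client_secret');
  if (!req.headers.Authorization && !inBody) problems.push('no client credentials');
  const code = sent.get('code');
  if (!code) problems.push('code missing');
  else if (redeemed.has(code)) problems.push('code already redeemed');
  else if (problems.length === 0) redeemed.add(code);
  return problems;
}
```

Building both the authorize URL and the token request from one stored redirect URI value removes the mismatch case entirely; the check is for requests assembled by hand.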