Postman 5.5 fails to complete OAuth 2 requests

In the 5.4 version of the Postman Chrome app, I am able to successfully request an OAuth2 token from Bungie.net with the provided Auth URL, ClientId, and ClientSecret.

With the desktop app, this same flow fails with the error:

error:"invalid_grant"
error_description:"AuthorizationCodeInvalid"

No other error information is provided.


The Postman desktop app is now at 5.5. Can you try upgrading and see if the issue persists for you?

Just tried that this morning. Same error.

Any idea what would generate that combination of error & error_description?

Thanks.

What grant type are you using? I’ve not used bungie before, so cannot say what exactly is going wrong. Each auth provider has its own quirks.

@harryi3t @kamalaknn - thoughts?

I’m using ‘Authorization Code’. This is the same grant type that I’ve been using successfully on the Chrome app. Thanks for asking. I’m completely in the dark on how to fix this.

Ok, so you’re saying it works on Chrome App but not in the newly revamped auth of native app (I guess v5.4 and above). Let me dig deeper or point it to the more enlightened ones. :blush:

Ok, so you’re saying it works on Chrome App but not in the newly revamped auth of native app

Yes. Thanks again.

@blindkoala
I was able to reproduce the issue.
I have created an internal ticket for it and am working on a fix.

Here’s the explanation of why this happened.

This bug is limited to Bungie.net (or any other server which includes intermediate redirections containing a “code” query parameter).

These are the redirections which happen behind the scenes:

https://www.bungie.net/en/OAuth/Authorize
\/
https://auth.api.sonyentertainmentnetwork.com/2.0/oauth/authorize
\/
https://www.bungie.net/en/User/SignIn/Psnid?code=INTERMEDIATE_CODE
\/
https://app.getpostman.com/oauth2/callback?code=ACTUAL_CODE

Since the param “code” was found in the 3rd step, we use it to make the call to get access_token.
Since that code was not ACTUAL_CODE, it fails.
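
The behaviour described in the post above, as an added example that is not part of the original thread and is not Postman's code: taking the first `code` parameter seen on any hop picks up the intermediate value, while matching each hop against the registered callback first returns the real one. The function names and the `callback_not_reached` label are hypothetical; the URLs and placeholder codes are the ones from the post.

```javascript
// Added example, not Postman's implementation. The redirect chain is copied
// from the post; INTERMEDIATE_CODE / ACTUAL_CODE are the post's placeholders.
const CALLBACK = "https://app.getpostman.com/oauth2/callback";

const chain = [
  "https://www.bungie.net/en/OAuth/Authorize",
  "https://auth.api.sonyentertainmentnetwork.com/2.0/oauth/authorize",
  "https://www.bungie.net/en/User/SignIn/Psnid?code=INTERMEDIATE_CODE",
  "https://app.getpostman.com/oauth2/callback?code=ACTUAL_CODE",
];

// Behaviour described in the post: use the first "code" found on any hop.
function naiveExtractCode(urls) {
  for (const raw of urls) {
    const code = new URL(raw).searchParams.get("code");
    if (code) return code;
  }
  return null;
}

// True only when the hop targets the registered callback (same origin and path).
function isCallback(raw, callback) {
  const u = new URL(raw);
  const cb = new URL(callback);
  return u.origin === cb.origin && u.pathname === cb.pathname;
}

// Stricter variant: ignore "code" on every hop except the registered callback,
// and surface an OAuth error response if the server sent one instead of a code.
function extractCodeAtCallback(urls, callback) {
  for (const raw of urls) {
    if (!isCallback(raw, callback)) continue;
    const params = new URL(raw).searchParams;
    if (params.has("error")) {
      return { error: params.get("error"), code: null };
    }
    return { error: null, code: params.get("code") };
  }
  // Hypothetical label for "the chain never reached the callback".
  return { error: "callback_not_reached", code: null };
}

console.log("naive: ", naiveExtractCode(chain));
console.log("strict:", extractCodeAtCallback(chain, CALLBACK).code);
```

Comparing parsed origin and path, not a string prefix, also keeps a lookalike host such as `app.getpostman.com.example` from being treated as the callback.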

Good to know. Hopefully I helped you root out a bug that’s not just present on Bungie.net. Nice work!
