BAD_CLIENT_SECRET when refreshing OAuth2 token

caio-pizzol · ‎Dec 21, 2022

Hey community!

I'm creating my second HubSpot App since I want to have 2 separated environment - test and prod.

(first HubSpot app just works fine - but I'm not able to do refresh the OAuth2 token with the 2nd App).

Here's how I do it:

1) Created a HubSpot app (https://developer.hubspot.com/)

2) Defined redirect URL in auth settings

For example: http://locahost

3) Installed your app with URL (through Browser)

https://app.hubspot.com/oauth/authorize?client_id={client_id}&redirect_uri={redirect_uri}&scope={sco...}

> Within browser, selected which account the App should be installed to

4) Retrieved the authorization code from URL

http://localhost/?code={code}

5) Requested access token

curl -i -X POST \

'https://api.hubapi.com/oauth/v1/token' \

-d 'grant_type=authorization_code' \

-d 'client_id={client_id}' \

-d 'client_secret={client_secret}' \

-d 'redirect_uri={redirect_uri}' \

-d 'code={code}'

Response:

{

"token_type":"bearer",

"refresh_token":"{refresh_token}",

"access_token":"{access_token}",

"expires_in":1800

}

6) Used the refresh token to generate a new access token (after expiring)

curl -i -X POST \

'https://api.hubapi.com/oauth/v1/token' \

-H 'Content-Type: application/x-www-form-urlencoded' \

-d 'grant_type=refresh_token' \

-d 'client_id={client_id}' \

-d 'client_secret={client_secret}' \

-d 'redirect_uri={redirect_uri}' \

-d 'refresh_token={refresh_token}'

This is the response I got back:

{

"status": "BAD_CLIENT_SECRET",

"message": "missing or invalid client secret",

"correlationId": "63663eed-c495-4027-9714-22b511f56be5"

}

Any clue of what I might do doing wrong here?

(as I said for the 1st App it just works fine for me when refreshing the token)

caio-pizzol · ‎Jan 4, 2023

Hey guys,

Thanks a lot for the help.

I actually tried using the same mentioned steps and it suddenly worked.

It looks like on my first try - the access_token wasn't expired yet (after the 1800s) and that for some reason gave me the error.

After the first expiration the refresh_token method works just fine (even when not waiting for the token expiration)

View solution in original post

caio-pizzol · ‎Jan 4, 2023

Hey guys,

Thanks a lot for the help.

I actually tried using the same mentioned steps and it suddenly worked.

It looks like on my first try - the access_token wasn't expired yet (after the 1800s) and that for some reason gave me the error.

After the first expiration the refresh_token method works just fine (even when not waiting for the token expiration)

tominal · ‎Jan 4, 2023

Hey @caio-pizzol,

I do not immediately see any issue here, but have you tried sending in your payload as JSON? Same result?

Thomas Johnson
Community Champion

Kahu Software LLC
A Texan HubSpot consulting firm
https://kahusoftware.com

TiphaineCuisset · ‎Jan 3, 2023

Hi @caio-pizzol

Thank you for reaching out.

I want to tag some of our experts here - @Teun @coldrickjack @tominal do you have any thoughts for @caio-pizzol on this?

Thank you!

Best

Tiphaine

Saviez vous que la Communauté est disponible en français?
Rejoignez les discussions francophones en changeant votre langue dans les paramètres !

Did you know that the Community is available in other languages?
Join regional conversations by changing your language settings !

APIs & Integrations