question

Oblo Living avatar image
Oblo Living asked

Access Token Request - invalid_client - 401 status

Keep getting "error": "invalid_client" but set everything like official example:

POST /auth/o2/token HTTP/1.1
Host: api.amazon.com
Content-Type: application/x-www-form-urlencoded;charset=UTF-8
grant_type=authorization_code
&code=amazon authorization code 
&client_id=yourClientId            ---> is 'Alexa Client Id'?
&client_secret=yourClientSecret    ---> is 'Alexa Client Secret'?
&redirect_uri=yourRedirectUri

Authorization is set to: Bearer Token czzCaGRSa3F0MzpnWDFmQmF0M2JW


What am I doing wrong?
Please help!
Thanks in advance!
alexa
10 |5000 characters needed characters left characters exceeded

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

1 Answer

Andy Whitworth avatar image
Andy Whitworth answered

Stepping back a bit, what is the purpose you're looking to obtain an access token for ?

5 comments
10 |5000 characters needed characters left characters exceeded

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Building App-to-app-account-linking...
0 Likes 0 ·

OK, the Amazon documentation says:

Client ID

The client ID that the developer console provides when you enable app-to-app account linking in the developer console.

Client secret

The client secret that the developer console provides when you enable app-to-app account linking in the developer console.

Are they the values you're supplying ?

And for

&code=amazon authorization code

You're supplying the auth code you've received ?

Not sure if you need the Authorization header either, the Amazon docs I'm looking at don't mention it.

0 Likes 0 ·

Yes, 'code' is the value from response from LWA request.

If no authorization header is set, or other authorization header type - I get "error_description": "Malformed request", "error": "invalid_request".

If authorization header is set as 'Bearer Token' than "error": "invalid_client".

Also tried with Client ID and Client secret from 'Security Profile Management > My profile...', and got the same error like with Amazon Client Id and Amazon Client secret.


0 Likes 0 ·
Show more comments