+ Start a Discussion
Aaron BaumanAaron Bauman 

unsupported grant type for OAuth 2.0 Web Server

I'm following this tutorial:



When I get to the final step - requesting the auth token - I always get an undocumented "unsupported_grant_type" message. Seems like this is some kind of generic error message, but I can't get around it.


I correctly retrieve a code form the initial GET request. Fine.

I generate a POST using that code:


POST /services/oauth2/token HTTP/1.0 Host: login.salesforce.com User-Agent: Drupal (+http://drupal.org/) Content-Length: 300 grant_type=authorization_code&code=aPrxVyeZrusRBnc3MMnY7pNlQsARBRDqXQTQ12UzEIDjUBJjlgXOq4_IUp.9E3k%3D&client_id=XXXXXXXXXXXXX&client_secret=XXXXXXXXXXXXX&redirect_uri=https%3A%2F%2Flocalhost%2FRestTest%2Fsalesforce%2Foauth


And the response is always the same:


{"error":"unsupported_grant_type","error_description":"grant type not supported"}


Everything is properly url encoded, and I've followed the directions to a T.

Any ideas?




It looks like your request is missing the content-type header.

Aaron BaumanAaron Bauman

Content-Type header eh?

interesting that this requirement is completely undocumented.

should the value of the Content-Type header match the Accept header?


does the java client include this header automatically?

why does the error mention only "unsupported grant type" and not the missing header?

Aaron BaumanAaron Bauman

PS. I can verify that setting "Content-Type" header to "'application/x-www-form-urlencoded" addresses this issue.


Note to documentation team: might be nice if that were mentioned somewhere or anywhere since it's an absolute requirement.


I'll look at getting this added to the docs, although its tough to know where to draw the line, otherwise you can end up redocumenting the entire HTTP protocol. 


Many http clients will automatically set the content-type header for you if you're using their api for setting form data. THe error message from the server definitely could be better, the reason you see this particular error is because without the right content-type being set, the server can't decode the form values, and so it thinks the first parameter it checks isn't set.

Aaron BaumanAaron Bauman

Yeah, I see what you mean.

Anyway, thanks for your help and your quick response on this, Simon.

Saved me another couple hours of banging my head on my desk.

Hopefully someone else will find this thread when they run into the same issue.


Hi -- I'm having this issue, too.

Could you tell me how you knew what to set the content-type in the header to?

I've tried what you put, and that doesn't work, but I don't know how to find out what my accept headers are.

Thanks very much,



Following is code I am using to get the access token.

Still I am getting error=unsupported_grant_type



private String auth_url = "https://login.salesforce.com/services/oauth2/token";

HttpPost httpPost = new HttpPost(auth_url);
catch(Exception ex){
httpPost.setHeader("Content-Type", "application/x-www-form-urlencoded");
HttpEntity entity = new DefaultHttpClient().execute(httpPost).getEntity();
if (entity != null) {
InputStream instream = entity.getContent();
BufferedReader reader = new BufferedReader(new InputStreamReader(instream));
String requestTokenResponseString = reader.readLine();


I've resolved it. I wanst adding code param.


The documentation really should note that Content-Type and Content-Length must be supplied in the POST.


Hi Anuj,


Just wanted to know what you added to get the response.
The request which I am supplying is having content-type: application/x-www-form-urlencoded. Any other things I need to add to my request body?


I get the same response error

{"error":"unsupported_grant_type","error_description":"grant type not supported"}


And following is my client code, do I miss anything here? I input the code from console (I get it after the authorization step is done)

 HttpClient client = new HttpClient();
        PostMethod post = new PostMethod("https://login.salesforce.com/services/oauth2/token");
        post.getParams().setParameter("grant_type","authorization_code");        post.getParams().setParameter("client_id","3MVG9Y6d_Btp4xp4S0UExFwosGGJCLQZq3k8mUbBu6DoVNiWVlxqKMHCzpPi4DHx9b.PsxqacuY5hwpGFlxCM");
        post.getParams().setParameter("code", in.nextLine());
        post.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
        String responseBody = post.getResponseBodyAsString();


I have resloved this error, with following test code, responseBody is as below

{"error":"invalid_grant","error_description":"invalid authorization code"}


Following is my test code.

 Scanner in = new Scanner(System.in);  
        HttpClient client = new HttpClient();
        PostMethod post = new PostMethod("https://login.salesforce.com/services/oauth2/token");
        post.setParameter("grant_type","authorization_code");         post.setParameter("client_id","3MVG9Y6d_Btp4xp4S0UExFwosGGJCLQZq3k8mUbBu6DoVNiWVlxqKMHCzpPi4DHx9b.PsxqacuY5hwpGFlxCM");
        post.setParameter("code", in.nextLine());
        post.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
        String responseBody = post.getResponseBodyAsString();
        String accessToken = null;
        JSONObject json = null;
        try {
            json = new JSONObject(responseBody); 
            accessToken = json.getString("access_token");
        } catch (JSONException e) {

Matthew WeissMatthew Weiss

What is an example of a 'code' 

post.setParameter("code", in.nextLine());
What would a person input to authenticate?