function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion
Jeff SVJeff SV 

"expired authorization code" when requesting Access Token

What are possible causes of the error message, "expired authorization code," when requesting an OAuth Access Token?


I'm testing the cookbook code at, "Interact with the REST API from PHP."


At oauth_callback.php, line 31, I seeing:

  • status: 400
  • error_uri: expired authorization code
  • error: invalid_grant
  • error_description: expired authorization code


Pat PattersonPat Patterson

Hi Jeff - this can happen if you try to retrieve an access token multiple times for the same authorization code - the second and subsequent attempts will fail.

Marty Y. ChangMarty Y. Chang

Does anyone have other suggestions for how to resolve this error?  I am pretty sure that I am not reusing an old authorization code.


I'm running into the same problem as Jeff when attempting to test out OAuth 2.0 in irb.  Here are the basic steps I am taking to try to obtain an access token:

  1. Construct the authorize URL.
  2. Paste the authorize URL into a web browser.
  3. Authenticate as a valid Sf user.  At this point the browser is redirected to a non-existent callback URL, which leaves the redirect URL complete with the code param intact in the browser.
  4. Use the code param from the redirect URL to obtain an access token in irb.


When I attempt to get the access token following the above procedure, I get the error, "expired authorization code".

Marty Y. ChangMarty Y. Chang

Never mind...  I just re-examined my code and found out that I had a bug where an obsolete variable was being used to provide the auth code instead of what I thought I was putting in as the auth code.  The irb test I described above now works fine.