
Mailchimp "invalid_grant" error

I'm trying to complete authentication with Mailchimp's OAuth implementation, and my access token request is getting an "invalid_grant" error.

Using the Ruby HTTParty gem, I'm POSTing data to Mailchimp:

  require 'httparty'

  # Exchange the authorization code for an access token.
  # auth_hash is the result of the earlier OAuth authentication step.
  url = 'https://login.mailchimp.com/oauth2/token'
  result = HTTParty.post(url,
                         body: {
                            grant_type: 'authorization_code',
                            client_id: ENV["MAILCHIMP_ID"],
                            client_secret: ENV["MAILCHIMP_SECRET"],
                            code: auth_hash.credentials.token,
                            redirect_uri: 'https://requestb.in/1jrbjmi1',
                         },
                         headers: {
                            'Accept': 'application/json'
                         })

Where:

  • grant_type is 'authorization_code'
  • client id & secret are the values given to me when I set up my app at Mailchimp
  • code is the token returned to me from the (successful) OAuth authentication

Has anyone encountered this sort of error? Any idea how to fix it?

trisignia asked Aug 25 '16 15:08


2 Answers

I had a similar issue today; my conclusions are as follows:

  1. Unfortunately MailChimp (and many other companies offering OAuth2 endpoints) doesn't provide additional error information - invalid_grant is shown for a number of different scenarios.

  2. In my case the issue was caused by a slight difference in redirect_uri - I didn't include the exact match in the token request. It's strict and query parameters must be included and must match, too.

  3. Including a wrong authorisation code unfortunately results in the same error as the point above.

Denis Mysenko answered Oct 02 '22 19:10


My issue with invalid_grant was caused by using encodeURIComponent on the redirect URI, and then passing this encoded value to the configuration of the request object. This essentially caused double encoding, which caused the redirect URIs to mismatch and that resulted in this error.

Adam Reis answered Oct 02 '22 20:10
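
The two redirect_uri causes reported in the answers above (a value that differs in its query string, and a value that was percent-encoded twice), as an added Ruby example that is not code from the question or from either answer. The callback URL, the client values and the helper names are constructed for illustration; the script only compares strings locally and sends nothing to Mailchimp.

```ruby
require 'uri'

# Constructed callback URL; it carries a query string because that must match too.
REDIRECT_URI = 'https://app.example.com/auth/mailchimp/callback?source=signup'

# Form-encode the token request. URI.encode_www_form percent-encodes each
# value exactly once, so redirect_uri must be passed in raw.
def token_request_body(code:, client_id:, client_secret:, redirect_uri:)
  URI.encode_www_form(
    grant_type: 'authorization_code',
    client_id: client_id,
    client_secret: client_secret,
    code: code,
    redirect_uri: redirect_uri
  )
end

# The redirect_uri a server would see after form-decoding the body once.
def received_redirect_uri(body)
  URI.decode_www_form(body).to_h.fetch('redirect_uri')
end

# Classify how the token-step redirect_uri relates to the authorize-step one.
def diagnose_redirect_uri(authorized, sent)
  return :match if authorized == sent
  return :double_encoded if URI.decode_www_form_component(sent) == authorized

  a = URI.parse(authorized)
  s = URI.parse(sent)
  same_endpoint = [a.scheme, a.host, a.port, a.path] == [s.scheme, s.host, s.port, s.path]
  same_endpoint ? :query_mismatch : :mismatch
rescue URI::InvalidURIError, ArgumentError
  :mismatch
end

if __FILE__ == $PROGRAM_NAME
  args = { code: 'sample-code', client_id: 'sample-id', client_secret: 'sample-secret' }
  pre_encoded = URI.encode_www_form_component(REDIRECT_URI)
  {
    'raw value' => REDIRECT_URI,
    'pre-encoded value' => pre_encoded,
    'query string dropped' => REDIRECT_URI.split('?').first
  }.each do |label, value|
    seen = received_redirect_uri(token_request_body(**args, redirect_uri: value))
    puts "#{label}: #{diagnose_redirect_uri(REDIRECT_URI, seen)}"
  end
end
```

Running the same comparison against the redirect_uri logged at the authorize step and the one placed in the token request narrows an otherwise opaque invalid_grant down to one of these cases.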