soundcloud /oauth2/token returning nothing but a 401 response

Question

I noticed that some code I wrote using SoundcloudPHP stopped authenticating today, though it was working fine last time I used it a few days ago. To root out the problem, I've been trying to authenticate using the /oauth2/token endpoint but the response has been a 401 and empty body. I've been using the curl from the page at https://developers.soundcloud.com/docs/api/reference#token

From the command line:

curl -v -X POST "https://api.soundcloud.com/oauth2/token" -F 'client_id=MY_ID' -F 'client_secret=MY_SECRET' -F 'grant_type=authorization_code' -F 'redirect_uri=MY_REDIRECT' -F 'code=0000000EYAA1CRGodSoKJ9WsdhqVQr3g'

The response:

* About to connect() to api.soundcloud.com port 443 (#0)
*   Trying 72.21.91.127... connected
* Connected to api.soundcloud.com (72.21.91.127) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using AES256-SHA
* Server certificate:
*    subject: OU=Domain Control Validated; CN=*.soundcloud.com
*    start date: 2014-04-22 16:52:12 GMT
*    expire date: 2016-04-08 10:08:48 GMT
*    subjectAltName: api.soundcloud.com matched
*    issuer: C=BE; O=GlobalSign nv-sa; CN=GlobalSign Domain Validation CA - SHA256 - G2
*    SSL certificate verify ok.
> POST /oauth2/token HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-pc-linux-gnu) libcurl/7.19.7 OpenSSL/0.9.8k zlib/1.2.3.3 libidn/1.15
> Host: api.soundcloud.com
> Accept: */*
> Content-Length: 658
> Expect: 100-continue
> Content-Type: multipart/form-data; boundary=----------------------------e695cc6c8133
> 
< HTTP/1.1 100 Continue
< HTTP/1.1 401 Unauthorized
< Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Origin
< Access-Control-Allow-Methods: GET, PUT, POST, DELETE
< Access-Control-Allow-Origin: *
< Access-Control-Expose-Headers: Date
< Cache-Control: private, max-age=0, must-revalidate
< Date: Thu, 01 Oct 2015 23:25:25 GMT
< Server: am/2
< Content-Length: 0
< 
* Connection #0 to host api.soundcloud.com left intact
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):

I've created new client tags to see if they'd work and I get the same thing. Since I'm using the curl provided in the docs I'd expect it to work. Any ideas?

Answer 1

I'm the creator of the php https://github.com/njasm/soundcloud library.

And the users of it reported the same problem, in fact what you say is also true that now, the curl examples on soundcloud don't work anymore (for some weird reason). Investigating the issue to fix the library I've found what seems to be a content-type issue.

It seems that the content-type you need to use when requesting/refresh a token MUST always be application/x-form-urlencoded, and before we (the library) was working fine by communicating with a content-type of application/json.

If you are a user of my library, you should update to the latest master. If you can help testing the fix, please report back to the issue page https://github.com/njasm/soundcloud/issues/25

Update: It's confirmed the content type MUST be application/x-form-urlencoded

I'm conducting some test to confirm that this is in fact the case. If so, I'll tag the commit to a stable release.

Good luck, and hope this helps!