Troubleshoot OAuth errors

Troubleshoot OAuth errors that can occur before you access GraphQL.

 

Overview

Learn how to troubleshoot OAuth errors that can occur before you access GraphQL.

To troubleshoot GraphQL errors, see Troubleshoot GraphQL errors. If you are new to GraphQL, see Apollo Odyssey: GraphQL Tutorials.

Troubleshoot OAuth errors

The authorization endpoints are:

• https://secure.indeed.com/oauth/v2/authorize
• https://apis.indeed.com/oauth/v2/tokens
• https://secure.indeed.com/v2/api/appinfo
• https://secure.indeed.com/v2/api/userinfo

To return errors, authorization endpoints follow the Error Response guidelines in RFC 6749: The OAuth 2.0 Authorization Framework.

For example:

{
  "error_description": "Invalid grant",
  "error": "invalid_grant"
}

The error values are:

Troubleshoot OAuth errors

error value	Description	See
invalid_grant	Client ID, client secret, authorization code, or refresh token is incorrect. The error_description field contains a generic Invalid grant message.	invalid_grant errors – Causes and resolutions
invalid_request	Request parameter has an issue. The error_description field describes the issue.	invalid_request errors – Causes and resolutions
unsupported_grant_type	Grant type is not supported. The requested grant_type must be one of the following values: client_credentials authorization_code refresh_token

invalid_grant errors – Causes and resolutions

To resolve an invalid_grant error, review the following causes and resolutions:

invalid_grant errors – Causes and resolutions

Error	Cause	Resolution
Incorrect client ID or secret
	You copy a credential incorrectly from the Manage app credentials page.	Verify your client ID and secret.
Incorrect client secret
	You add a secret and delete the original secret for your client ID but do not update all your credential stores.	Verify that your credential stores contain the latest client secret.
Disabled client credentials grant type
	You use the Client credentials grant type (2-legged OAuth) and the client credentials grant type is not enabled.	On the Manage app credentials page, select Client credentials in Allowed grant types.
Disabled authorization code grant type
	You use the Authorization code grant type (3-legged OAuth), but the authorization code grant type is not enabled.	On the Manage app credentials page, select Authorization code in Allowed grant types.
Mismatched redirect_uri parameter values
	You use the Authorization code grant type (3-legged OAuth) and these values do not match: The redirect_uri parameter value that you sent to https://apis.indeed.com/oauth/v2/tokens The redirect_uri parameter value that you sent to https://secure.indeed.com/oauth/v2/authorize	Ensure that the two redirect_uri parameter values match.
Expired or already-used authorization code
	You use the Authorization code grant type (3-legged OAuth) and you used an expired or already-used authorization code. You can use an authorization code only one time.	To renew access tokens without reauthorization, request the offline_access scope and store the refresh token with the first access token.
Refresh token is not valid
	You use the Authorization code grant type (3-legged OAuth) and the refresh token is not valid. Refresh tokens expire 60 days after last usage or after issue if never used. This issue can occur for one of these reasons: The user revoked authorization from your app. Your app requested sequential authorizations from the same user but the original refresh tokens for this user are not valid. After each successful sequential authorization, you must update the refresh token that your app stores. Because the refresh token was not used recently, it expired.	Ask the user to request another refresh token through the Authorization code grant type (3-legged OAuth).
The authorization code or refresh token is not valid for your app
	You use the Authorization code grant type (3-legged OAuth) and the authorization code or refresh token is valid but it was issued to a different app.	Use the same client ID and secret through all stages of the authorization process.

invalid_request errors – Causes and resolutions

To resolve an invalid_request error, review the following causes and resolutions:

invalid_request errors – Causes and resolutions

Error	Cause	Resolution
Incorrect or missing parameter
	Required parameter is missing or its value is not valid.	Include or correct the parameter.
Misplaced query string parameters
	Query string parameters in the request URL in https://apis.indeed.com/oauth/v2/tokens request.	Include query string parameters in the HTTP request body, by using the application/x-www-form-urlencoded format.
Incorrect employer parameter value
	The issue can occur for one of these reasons: App's account, which uses Client credentials grant type (2-legged OAuth), or user, who uses Authorization code grant type (3-legged OAuth), does not have permission to access the employer that the employer parameter identifies. The employer parameter did not contain a valid employer ID. The employer parameter accepts different employer ID values than the legacy advertiserId parameter accepts.	To list valid employer values: For 2-legged OAuth, call the appinfo endpoint. See Get access token that represents employer. For 3-legged OAuth, call the v2/api/userinfo endpoint. See userinfo endpoint. If you have a master account, call this Sponsored Jobs API endpoint: GET /v1/subaccounts Then, update the value of the employer parameter.

 

Was this page helpful?