OAuth 2.0 Troubleshooting

This section covers common issues with OAuth 2.0 integrations along with possible solutions.

Issues with Error Codes

401 Invalid Grant

If you receive a “401 Invalid Grant” error (a response containing "error":"invalid_grant"), ensure that the callback area for your app on Yahoo Developer Network is empty. If the error persists, create a new app and leave the callback blank. This works around the invalid_grant error.

401 Forbidden

If you are trying to retrieve an access token through a browser, you may get the following 401 Forbidden error: Oops. Yahoo is unable to process your request. We recommend that you contact the owner of the application or web site to resolve this issue. [95022]

Ensure that requests are made from code or cURL calls instead of through a browser. Refer to Step 4: Exchange authorization code for access token for details.

Version Issues

Ensure that requests follow the OAuth 2.0 specification, not OAuth 1.0a, which is also available.

Issues with the Authorization Header

If you are having issues with the authorization header, first ensure that the client ID and secret are encoded correctly using the following format: base64(clientid:clientsecret)

Also ensure that there is no newline at the end of the client secret.

Issues with Application Type

If you plan to manage your own data with a stand-alone app, ensure that you get a consumer key and secret by specifying “Installed Application”, not “Web Application”.

Issues with Misspelled Code

Ensure that you correctly spell all request parameters. For example, do not spell redirect_uri as redirect_url.