Home/ Questions/Q 8982743
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-15T20:39:23+00:00

This question is in in follow up to my previous question Google oauth java

  • 0

This question is in in follow up to my previous question

Google oauth java client to get an access token fails with "400 Bad Request { "error" : "invalid_request" }"

I dived into JAVA APIs to solve the problem of exchanging code for an authToken in google’s oAuth API but couldn’t figure out an answer. Thus I went ahead with a very simplistic route.

I created following JSPs

index.jsp

<%@page import="java.net.URLEncoder"%>
<%@page contentType="text/html" pageEncoding="UTF-8"%>
<!DOCTYPE html>
<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <title>JSP Page</title>
    </head>
    <body>
        <a href="https://accounts.google.com/o/oauth2/auth?
scope=https://gdata.youtube.com/&
redirect_uri=<%=URLEncoder.encode("http://localhost:8080/BroadCastr/step2.jsp","UTF-8")%>&
response_type=code&
client_id=X985XXXXXXXX.apps.googleusercontent.com&approval_prompt=force">Connect google account</a>
    </body>
</html>

This page presented me with a simple link “Connect google account” which brought me successfully to googles page where I had to “Allow” my app to access youtube on my behalf

In step2.jsp

<%@page import="java.net.URLEncoder"%>
<%@page import="java.util.Iterator"%>
<%@page contentType="text/html" pageEncoding="UTF-8"%>
<!DOCTYPE html>
<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <title>JSP Page</title>
    </head>
    <body>

        <form id="frm" method="post" action="https://accounts.google.com/o/oauth2/token" enctype="application/x-www-form-urlencoded">
            <input type="hidden" name="code" value="<%=URLEncoder.encode(request.getParameter("code"),"UTF-8")%>"/>
            <input type="hidden" name="client_id" value="XXXXXXXXXXX.apps.googleusercontent.com"/>
            <input type="hidden" name="client_secret" value="XXXXxxxxXXXXXX"/>
            <input type="hidden" name="redirect_uri" value="<%=URLEncoder.encode("http://localhost:8080/BroadCastr/step3.jsp","UTF-8")%>"/>
            <input type="hidden" name="grant_type" value="authorization_code"/>
            <input type="hidden" name="scope" value=""/>
        </form>
    </body>
</html>
<script>
    document.getElementById("frm").submit();
</script>

But finally step2.jsp submits itself to google’s server all I get is following unhelpful JSON

{
"error": "invalid_request"
}

I will really appreciate any help on this one.
Thanks

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    While making a POST to the access token end-point, the required parameters should NOT be url-encoded (atleast to the google APIs).

    Here, the redirect_uri parameter is encoded and hence, it is not the same as the one used at the time of the client registration resulting in invalid_request.

    Based on the above JSP code, if the redirect_uri parameter is fixed, the token server response might result in invalid_grant, as the code is also being encoded. Usually, google issues an authorization code, which is not url friendly.

    Removing the encoding for code and redirect_uri parameter above should result in a server response containing an access token.

    • 0