Troubleshoot OAuth errors

Troubleshoot OAuth errors that can occur before you access GraphQL.

 

Overview

Learn how to troubleshoot OAuth errors that can occur before you reach GraphQL.

For GraphQL-specific errors, see Troubleshoot GraphQL errors. If you are new to GraphQL, see Apollo Odyssey: GraphQL Tutorials.

Troubleshoot OAuth errors

The authorization endpoints are:

• https://secure.indeed.com/oauth/v2/authorize
• https://apis.indeed.com/oauth/v2/tokens
• https://secure.indeed.com/v2/api/appinfo
• https://secure.indeed.com/v2/api/userinfo

Authorization endpoints return errors that follow the Error Response guidelines in RFC 6749: The OAuth 2.0 Authorization Framework.

For example:

{
  "error_description": "Invalid grant",
  "error": "invalid_grant"
}

The error values are:

Troubleshoot OAuth errors

error value	Description	See
invalid_grant	The client ID, client secret, authorization code, or refresh token is incorrect. The error_description field contains a generic Invalid grant message.	invalid_grant errors – Causes and resolutions
invalid_request	A request parameter has an issue. The error_description field describes the issue.	invalid_request errors – Causes and resolutions
unsupported_grant_type	Indeed does not support the requested grant type. Use one of these values for grant_type: client_credentials authorization_code refresh_token

invalid_grant errors – Causes and resolutions

To resolve an invalid_grant error, review these causes and resolutions:

invalid_grant errors – Causes and resolutions

Error	Cause	Resolution
Incorrect client ID or secret
	You copied a credential incorrectly from the Manage app credentials page.	Verify your client ID and secret.
Incorrect client secret
	You added a secret and deleted the original secret for your client ID, but did not update every credential store.	Verify that every credential store contains the latest client secret.
Disabled client credentials grant type
	The app uses the client credentials grant type (2-legged OAuth), but that grant type is not enabled.	On the Manage app credentials page, select Client credentials under Allowed grant types.
Disabled authorization code grant type
	The app uses the authorization code grant type (3-legged OAuth), but that grant type is not enabled.	On the Manage app credentials page, select Authorization code under Allowed grant types.
Mismatched redirect_uri parameter values
	The app uses the authorization code grant type (3-legged OAuth), and these values do not match: The redirect_uri value you sent to https://apis.indeed.com/oauth/v2/tokens. The redirect_uri value you sent to https://secure.indeed.com/oauth/v2/authorize.	Use the same redirect_uri value in both requests.
Expired or already-used authorization code
	The app uses the authorization code grant type (3-legged OAuth) with an expired or used authorization code. You can use an authorization code only once.	To renew access tokens without reauthorization, request the offline_access scope and store the refresh token with the first access token.
Refresh token is not valid
	The app uses the authorization code grant type (3-legged OAuth), and the refresh token is invalid. Refresh tokens expire 60 days after the last use, or 60 days after issue if you never use them. This issue occurs for one of these reasons: The user revoked authorization from your app. Your app requested sequential authorizations from the same user, but the original refresh tokens for this user are no longer valid. After each successful sequential authorization, update the refresh token your app stores. The refresh token expired because you did not use it recently.	Ask the user to request another refresh token through the authorization code grant type (3-legged OAuth).
The authorization code or refresh token is not valid for your app
	The app uses the authorization code grant type (3-legged OAuth) with an authorization code or refresh token that is valid but belongs to a different app.	Use the same client ID and secret throughout the authorization process.

invalid_request errors – Causes and resolutions

To resolve an invalid_request error, review these causes and resolutions:

invalid_request errors – Causes and resolutions

Error	Cause	Resolution
Incorrect or missing parameter
	A required parameter is missing or has an invalid value.	Add or correct the parameter.
Misplaced query string parameters
	You sent query string parameters in the request URL for https://apis.indeed.com/oauth/v2/tokens.	Send the parameters in the HTTP request body, using the application/x-www-form-urlencoded format.
Incorrect employer parameter value
	This issue can occur for one of these reasons: The app's account (client credentials grant type, 2-legged OAuth) or the user (authorization code grant type, 3-legged OAuth) does not have permission to access the employer that the employer parameter identifies. The employer parameter does not contain a valid employer ID. The employer parameter accepts different employer ID values than the legacy advertiserId parameter.	To list valid employer values: For 2-legged OAuth, call the appinfo endpoint. See Get access token that represents employer. For 3-legged OAuth, call the v2/api/userinfo endpoint. See userinfo endpoint. If you have a master account, call this Sponsored Jobs API endpoint: GET /v1/subaccounts Then update the employer parameter value.

 

Was this page helpful?