The authorisation code is expired or invalid

Hey , I could make some changes and it worked on POSTMAN. Following is the URL is am using on POSTMAN. curl --location --request POST ‘
–header ‘Accept: application/json’
–header ‘Content-Type: application/x-www-form-urlencoded’
–header ‘Authorization: Basic MG9hMTJxNDBwUVdkRWE5Qlg0eDY6NWVwTFBaSG1YYW1BY196bkZnbWtTR2ExS0FhT1JEMm5VOWhxd1VZUg==’
–data-urlencode ‘grant_type=authorization_code’
–data-urlencode ‘redirect_uri=http://localhost:8080/content-catalog/login’
–data-urlencode ‘code=uT1nmYBuPlHXFg1NRgUN’. But ,now when I used this in the node js project ,it throws ‘The authorisation code is invalid or has expired error’.I checked it on in the app logs as well but there is not sucessful token grant and just ‘The authorisation code is invalid or has expired error’.

return’/oauth2/default/v1/token’, {
payload: formData,
headers: {
‘Accept’: ‘application/json’,
‘Content-type’: ‘application/x-www-form-urlencoded’,
‘Authorization’: ${basicAuth}
}).then((oauthResponse) => {
const mysecret = this.oktaClient_secret || ‘none’;
request.log(‘Ankit ‘, oauthResponse);
// request.log(mysecret);
// request.log(oauthResponse.statusCode);
if (oauthResponse.statusCode !== 200) {
throw Invalid OAuth response (Status ${oauthResponse.statusCode} / ${mysecret.substring(0, 3)}...${mysecret.substring(mysecret.length - 3)}): ${JSON.stringify(oauthResponse.payload)};
if (!(‘access_token’ in oauthResponse.payload)) {
throw Invalid OAuth response: ${JSON.stringify(oauthResponse.payload)};
const token = oauthResponse.payload.access_token;
this.id_token = oauthResponse.payload.id_token;
return this.verify(token).then((decoded) => {
return {
}).catch((error) =>
This is the code.Can someone help me with this?

Hi @snsinha

The authorization code used in the authorization code flow is available for one minute and can be used only once in order to exchange it for JSON Web Tokens.

Yes.I understand that. Infact the GET request for the code and token url are in the same flow .So its definitely lesser than 1 minutes.

Hi @snsinha

Can you please open a support case with us through an email to in order to further check the tenant logs and see the authorization code requests?