The authorization code is invalid or has expired


I get the below error back many times per day when users post to /token. Does anyone know what can cause an auth code to become invalid or expired? Considering the auth code is typically immediately used to grab a token, what situation would allow it to expire?

{"error":"invalid_grant","error_description":"The authorization code is invalid or has expired."}


One thought comes to mind. If you double-submit the code, it will be expired / invalid because it is already used.

You can check Okta’s logs to see a pattern where a user is granted a token and then there is a failure.

When you are looking at the log, if you click on the code target (the one that isn’t in parentheses) you can see other requests using the same code.

Hope this helps! Let me know if this was the issue.
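The log pattern described in the answer above (a code that is redeemed successfully and then fails on a second request), as an added example that is not part of the original thread or of Okta's tooling. The records, field names and result labels are constructed assumptions, not Okta's System Log schema.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample token-endpoint records (hypothetical fields, not Okta's schema).
SAMPLE_EVENTS = [
    {"ts": "2024-01-01T10:00:00", "code_id": "c-1", "outcome": "SUCCESS", "reason": None, "ip": "198.51.100.7"},
    {"ts": "2024-01-01T10:00:01", "code_id": "c-1", "outcome": "FAILURE", "reason": "invalid_grant", "ip": "198.51.100.7"},
    {"ts": "2024-01-01T10:05:00", "code_id": "c-2", "outcome": "SUCCESS", "reason": None, "ip": "198.51.100.9"},
    {"ts": "2024-01-01T10:20:00", "code_id": "c-3", "outcome": "FAILURE", "reason": "invalid_grant", "ip": "203.0.113.5"},
    {"ts": "2024-01-01T10:30:00", "code_id": "c-4", "outcome": "SUCCESS", "reason": None, "ip": "198.51.100.7"},
    {"ts": "2024-01-01T10:31:30", "code_id": "c-4", "outcome": "FAILURE", "reason": "invalid_grant", "ip": "203.0.113.77"},
]


def _when(event):
    return datetime.fromisoformat(event["ts"])


def classify_code_failures(events, double_submit_window=5.0):
    """Return {code_id: likely_cause} for every code that hit invalid_grant."""
    by_code = defaultdict(list)
    for ev in events:
        by_code[ev["code_id"]].append(ev)

    findings = {}
    for code_id, evs in by_code.items():
        evs.sort(key=_when)
        first_ok = next((e for e in evs if e["outcome"] == "SUCCESS"), None)
        for ev in evs:
            if ev["outcome"] != "FAILURE" or ev["reason"] != "invalid_grant":
                continue
            if first_ok is None:
                # No successful redemption at all: expired, malformed or missing code.
                findings[code_id] = "never_redeemed"
                break
            gap = (_when(ev) - _when(first_ok)).total_seconds()
            if gap < 0:
                continue  # failure happened before the code was redeemed
            # Same client retrying within seconds looks like a double submit;
            # a different client or a long gap deserves a closer look.
            same_client = ev["ip"] == first_ok["ip"]
            if same_client and gap <= double_submit_window:
                findings[code_id] = "double_submit"
            else:
                findings[code_id] = "reuse_needs_review"
            break
    return findings
```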


I am getting the same error while executing the below Okta API in SoapUI
with the below header parameters:
Authorization-Basic MG9hZG5lcDhyelJwcGI4WGUwaDc6bHNnLWhjYkh1eVA3VngtSDFhYmR0WC0ydDE2N1YwYXA3dGpFVW92MA==

The error I am getting is {"error":"invalid_grant","error_description":"The authorization code is invalid or has expired."}


Are you actually passing the code?