If you are getting a response that says “The authorization code is invalid or has expired”, then there are two possibilities.
- You, or the service you are using that hits the v1/token endpoint, is taking too long to call the token endpoint. The expiry time for the code is very short.
- The code that you are receiving has backslashes in it.
Solution for Point 1: Don’t take too long to call the endpoint. Suppose you are using Postman and you got the code from the v1/authorize endpoint. Copy it quickly, paste it into the v1/token endpoint and call it. Code expiration time is 30 to 60 sec.
Solution for Point 2: If you are receiving a code that has backslashes in it, then you must be using “response_mode = okta_post_message” in the v1/authorize call. Try to use “response_mode=form_post”. It will minimize the possibility of backslash occurrence. For safety purposes, you can use a do-while loop in the code where you are trying to hit the authorization endpoint, so that in case you receive a backslash in the code, it can hit the endpoint again to retrieve a code.
Hope it solves further confusion regarding the invalid code.
Thanks
Regards
Hasnain Haider
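
The handling described in the post above, as an added example that is not part of the original post or Okta's own code: it parses a `response_mode=form_post` callback body, discards a code that contains a backslash, retries a bounded number of times, and builds the v1/token request body as soon as a usable code arrives. The function names, `MAX_ATTEMPTS`, the `start_authorization` callable and all sample values are assumptions; the form fields are the standard OAuth 2.0 authorization-code parameters.

```python
import hmac
from typing import Callable, Optional, Tuple
from urllib.parse import parse_qs, urlencode

MAX_ATTEMPTS = 3  # assumption: bound for the retry loop the post suggests


def extract_code(form_body: str, expected_state: str) -> Optional[str]:
    """Return the code from a form_post body, or None if it must be re-requested."""
    fields = parse_qs(form_body, keep_blank_values=True)
    if "error" in fields:
        raise ValueError("authorization error: " + fields["error"][0])
    state = fields.get("state", [""])[0]
    # Reject callbacks that do not belong to this authorization attempt.
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    code = fields.get("code", [""])[0]
    if not code or "\\" in code:
        return None  # Point 2: a code with a backslash is not sent to v1/token
    return code


def token_request_body(code: str, client_id: str, redirect_uri: str) -> str:
    """Form body for v1/token (client authentication / PKCE verifier omitted)."""
    return urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
        "client_id": client_id,
    })


def code_to_token_request(start_authorization: Callable[[], Tuple[str, str]],
                          client_id: str, redirect_uri: str) -> str:
    """start_authorization (hypothetical) runs one v1/authorize round trip and
    returns (callback form body, state value sent with that attempt)."""
    for _ in range(MAX_ATTEMPTS):
        form_body, state = start_authorization()
        code = extract_code(form_body, state)
        if code is not None:
            # Point 1: build and send the token request right away.
            return token_request_body(code, client_id, redirect_uri)
    raise RuntimeError("no usable authorization code after retries")


if __name__ == "__main__":
    # Constructed callback bodies: the first code contains an encoded backslash.
    attempts = iter([("code=ab%5Ccd&state=s1", "s1"), ("code=abcd1234&state=s2", "s2")])
    print(code_to_token_request(lambda: next(attempts), "client123", "https://app.example/callback"))
```
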