Oauth2 failing to get new token.

[hugoprudente]

Hi team,

I think something changed on the MAL backend, I use windows to generate the token for my containers as they don't have browser and last time that I logged was fine but now I have 400 invalid_request what is quite weird.

Any ideas?

If opening url failed enter it manually into your browser:

https://myanimelist.net/v1/oauth2/authorize?response_type=code&client_id=3a53b...&state=RequestID42&code_challenge=nSakl1Ls...&code_challenge_method=plain&redirect_uri=https://myanimelist.net/profile/shikimaru

Paste url you were redirected to

https://myanimelist.net/profile/shikimaru?code=def5020...2&state=RequestID42

ERROR:root:POST https://myanimelist.net/v1/oauth2/token 400 invalid_request: The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed.
Traceback (most recent call last):
  File "C:\Users\hugok\workspace\nerdweek\toolbox\animelist\MAL-API-Client-Upgraded\mal_token.py", line 5, in <module>
    print(client.generate_new_token(client_id="3a53b6c1b22866763d08bbbb4f7488a3",
  File "C:\Users\hugok\workspace\nerdweek\toolbox\animelist\MAL-API-Client-Upgraded\malclient\client.py", line 117, in generate_new_token
    data = fetch_token_schema_2(client_id, client_secret, code_verifier, code, redirect_uri)
  File "C:\Users\hugok\workspace\nerdweek\toolbox\animelist\MAL-API-Client-Upgraded\malclient\client.py", line 61, in fetch_token_schema_2
    return api_handler.call(uri=uri, method="post", data=data)
  File "C:\Users\hugok\workspace\nerdweek\toolbox\animelist\MAL-API-Client-Upgraded\malclient\request_handler.py", line 28, in call
    self._parse_error(response, method, url)
  File "C:\Users\hugok\workspace\nerdweek\toolbox\animelist\MAL-API-Client-Upgraded\malclient\request_handler.py", line 111, in _parse_error
    raise BadRequest(response)
malclient.exceptions.BadRequest: 400 Bad Request - The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed.

If I remove the "redirect_uri" I have the following error.

malclient.exceptions.BadRequest: 400 Bad Request - The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.

With that the client.refresh_bearer_token() works. But.

[YisusChrist]

Same happens to me. The complete detailed error in the HTTP response is the following:

{
  "error": "invalid_grant",
  "message": "The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.",
  "hint": "Failed to verify `code_verifier`."
}

Everything seems to be correct in the request according to the API specification and the unofficial guide.

Adding the redirect_uri parameter does not solve the problem.