Welcome to the Panopto Community

Please note: All new registrants to the Panopto Community Forum must be approved by a forum moderator or admin. As such, if you navigate to a feature that is members-only, you may receive an error page if your registration has not yet been approved. We apologize for any inconvenience and are approving new members as quickly as possible.

Getting 400 status code on making a POST request to the OAuth2 Token URL

I'm following this document (https://support.panopto.com/s/article/How-to-Get-OAuth2-Access-Tokens-for-Users) to get an access token for accessing the Panopto APIs. I have generated a code value via the redirect URL, but after making a POST request to the OAuth2 token URL (https://<server>/Panopto/oauth2/connect/token), I'm getting a response status code of 400.

Can someone please help with this?



  • Options

    Colleague of Diksha's. Adding some additional details about our OAuth construction for confirmation that we are not missing anything per the documentation listed in https://support.panopto.com/s/article/How-to-Get-OAuth2-Access-Tokens-for-Users.

    Auth URL: https://deshaw.hosted.panopto.com/Panopto/oauth2/connect/authorize?client_id=d824ca1e-b461-48fb-97d6-b0b1004b310c&scope=openid%20api&redirect_uri=http%3A%2F%2Flocalhost%3A9127%2Fredirect&response_type=code&nonce=ab5da41bb367422721a61cdbfa12b357

    The python code that we are running (resulting in a 400 status code) after getting the code value:

    import requests
    url = "https://deshaw.hosted.panopto.com/Panopto/oauth2/connect/token"
    headers = {
        "Content-Type": "application/x-www-form-urlencoded",
        "Authorization": "Basic <base 64 of client_id:client_secret>"
    data = {
        "grant_type": "authorization_code",
        "code": "<code value got via redirect url>",
        "redirect_uri": "http://localhost:9127/redirect"
    response = requests.post(url, headers=headers, data=data)

    The API client details

  • Options
    Kevin BaumKevin Baum Panopto Employee

    Hi Diksha and Carrie,

    Thank you for the detailed information. I was able to look a little deeper at this, and noticed that we are logging an error on our side that the client secret is incorrect. Are you able to see if your response includes an "invalid_client" error?

    I'd suggest trying to generate a new client secret value, and see if that helps solve the issue. You can do that by editing the API client, selecting the "Generate" button to create a new secret (and copying it somewhere else), then selecting the "Save" button to store the new client secret value. Once you've done that, please try the call again using the client ID and new client secret values, and see if that resolves the issue.

    If that doesn't help solve it, or if you have any other questions, please let me know.



Sign In or Register to comment.