I’m working on integrating Miro’s OAuth flow into my application and I’m running into issues. I’ve been able to successfully get users through the authorization step and receive an authorization code back from Miro. However, when I try to exchange this code for an access token, I keep getting a 401 unauthorized error response.
I’ve double checked my client ID and client secret multiple times and they appear to be correct. The authorization code I’m using is fresh and hasn’t been used before. I’m making a POST request to the token endpoint with the proper parameters but still getting rejected.
Has anyone else encountered this issue when working with Miro’s OAuth implementation? What could be causing the 401 error during the token exchange process? Any suggestions on what I might be missing or doing wrong would be really helpful.
Had this exact issue a few months back - it’s usually a timing problem with the auth code. Those codes expire fast, like 10 minutes or less. If you’re testing manually or there’s any delay in your flow, the code’s probably expiring before you use it. Also make sure you’re sending the code_verifier parameter if you’re using PKCE - some OAuth flows require it. Check your Miro developer settings too. Sometimes the OAuth grant type gets accidentally changed and stops accepting authorization code exchanges.
I had this same issue before. It’s usually the redirect URI causing problems. Double-check that your redirect URI in the token request exactly matches what’s in your Miro app settings - same capitalization, trailing slashes, everything. Also make sure you’re using the right Content-Type header (application/x-www-form-urlencoded). One thing that trips people up: put your client ID and secret in the request body, not the Authorization header. Miro wants them in the body for token exchanges.