Skip to main content

This content has been archived and is no longer being updated. Links may not function; however, this content may be relevant to outdated versions of the product.

Support Article

OAuths redirect REST service fails to fetch Auth token



oAuth2 redirect REST Service fails to fetch the Authentication Token. A code request is sent from the browser, however, the access code request fails2

Error Messages

{ "errors":[ { "ID": "bad_request", "message":"state param missing in the request" } ] }

Steps to Reproduce

  1. Create an OAuth 2.0 provider.
  2. Create an Authentication profile that references the OAuth provider.
  3. In a section of a flow action, add an Information mashup control that references the Authorization profile.
  4. Click Connect. In a popup, there is a redirection to the Authentication server (AS). After authentication in the server, there is a redirection back to the server with code and state parameters in the URL. However, this fails.

Root Cause

A defect in Pegasystems’ code or rules.


Apply HFix-49573.

Note: A JVM bounce is required for the hotfix to take effect.


Published December 28, 2018 - Updated December 2, 2021

Was this useful?

0% found this useful

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best.

Pega Community has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice
Contact us