Welcome to the Onshape forum! Ask questions and join in the discussions about everything Onshape.

First time visiting? Here are some places to start:
  1. Looking for a certain topic? Check out the categories filter or use Search (upper right).
  2. Need support? Ask a question to our Community Support category.
  3. Please submit support tickets for bugs but you can request improvements in the Product Feedback category.
  4. Be respectful, on topic and if you see a problem, Flag it.

If you would like to contact our Community Manager personally, feel free to send a private message or an email.


OAuth: 401 error when attempting to get a token

james_mann066james_mann066 Member Posts: 2
I'm in the process of handling the OAuth page lifecycle for an app in Onshape. I am using the guide called "Using OAuth 2.0 with Onshape" on the Developer Portal. I'm testing the page lifecycle in a crude manner via the OnshapeWindowsSample project from GitHub.

I've registered the application and setup the response page to be at localhost. Thats all good.
I direct the user to a URL from which they log in and I get back a "code" in the querystring. Thats also good.
But then I attempt to create a http form request containing some data plus the authorisation code from above. This is where I am getting a 401 error: "The remote server returned an error: (401) Unauthorized."

I'm getting this error using the exact code provided by Onshape on GitHub so I'm a little confused why I'm getting this error.

Any ideas?


  • Options
    awkawk Member, Onshape Employees, Developers Posts: 78
    The most likely cause is that the form you're posting is incomplete/incorrect. I'm not aware of any errors in the Windows sample, but it's certainly possible something has 'wobbled' 8-(

    The body of the form needs to contain the client ID, client secret, authorization_code (the code you get in the query string you mentioned) - additionally if you specified a redirect URL it needs to be included in the POST body too.

    Each of the parameters in the POST body need to be URL encoded - this especially important for the Client ID and secret since either or both may contain multiple trailing '=' characters which must be converted to '%3D' and must be in the POST body. You should only encode the individual values in the form - encoding the entire form will cause all the '=' characters to be replaced, including those required to separate form values & form keys.

    I've seen some higher level HTML/HTTP frameworks do the URL encoding of form values for you automagically. Which can mean that the form contents get double-encoded, which will also cause failures. Being familiar with the details of any helper framework you're using is a good thing :-)

    Lastly - if you want to email 'api-support@onshape.com' we can provide you with some more personalized support.
    Director of API, Appstore, and App Partner Technical Support
Sign In or Register to comment.