Application exchanges the authorization code for an access token from Alpaca

I have been trying to integrate the APIs for getting client account auth token but always get

I am passing the right params for the fields as per the API

curl -X POST https://api.alpaca.markets/oauth/token \
  -d 'grant_type=authorization_code&code=67f74f5a-a2cc-4ebd-88b4-22453fe07994&client_id=fc9c55efa3924f369d6c1148e668bbe8&client_secret=5b8027074d8ab434882c0806833e76508861c366&redirect_uri=https://example.com/oauth/callback'

but keep getting the error as below

{
    "message": "forbidden."
}

Can someone suggest if integrated successfully?

1 Like

I’m having the same issue, it suddenly stopped working for some reason :frowning:

1 Like

Yup, same issue. My implementation hasn’t been touched in days, worked fine until now.
Been trying to debug this for hours now, thought I was going nuts until finding this.

1 Like

Feather Finance is having the same issues with all new OAuth access.

A few things to note:

  • Yesterday’s Core API Maintenance seems to have broken our OAuth flow.
  • Feather Finance’s OAuth code has not changed in 3 weeks (and everything was working smoothly until yesterday).
  • Existing access_tokens are still working, but we cannot generate new ones.
  • To troubleshoot we created a New Connected App, and tried to do the OAuth flow in Postman, but Postman is throwing the same error message.
  • We also generated a new Client Secret to see if the old one had been invalidated, but the oauth/token returns the same error message with the new Client Secret.
  • What’s most puzzling to us is that the TradingView integration does NOT seem to be impacted by this. I linked my Alpaca account to my TradingView account for the first time this morning…

@Dan_Whitnable_Alpaca, just wanted to make sure you are aware of this thread – yesterday’s maintenance seems to have broken the OAuth flow for many apps.

Thanks,
Xavier

Thanks, looks like it has been fixed. Works perfect now.

1 Like
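
The token exchange from the first post, as an added example that is not part of the thread and not Alpaca's own code: it form-encodes the request, keeps a log-safe copy with the code and client secret redacted, and separates RFC 6749 error replies from bodies like the `{"message": "forbidden."}` reported here. The function names, the sample values and the 403 status are assumptions.

```python
import json
from urllib.parse import urlencode

# Error codes a token endpoint may return per RFC 6749 section 5.2.
RFC6749_ERRORS = {
    "invalid_request", "invalid_client", "invalid_grant",
    "unauthorized_client", "unsupported_grant_type", "invalid_scope",
}
SENSITIVE_FIELDS = ("code", "client_secret")  # never written to logs


def build_token_request(code, client_id, client_secret, redirect_uri):
    """Return (body, log_safe_body) for the authorization_code exchange."""
    fields = {
        "grant_type": "authorization_code",
        "code": code,
        "client_id": client_id,
        "client_secret": client_secret,
        "redirect_uri": redirect_uri,
    }
    redacted = {k: ("REDACTED" if k in SENSITIVE_FIELDS else v)
                for k, v in fields.items()}
    # urlencode percent-encodes the redirect URI, which curl -d sends as typed.
    return urlencode(fields), urlencode(redacted)


def classify_token_response(status, body):
    """Sort a token-endpoint reply by what it tells the client."""
    try:
        doc = json.loads(body)
    except ValueError:
        return "non_json"
    if not isinstance(doc, dict):
        return "non_json"
    if 200 <= status < 300 and "access_token" in doc:
        return "success"
    err = doc.get("error")
    if isinstance(err, str) and err in RFC6749_ERRORS:
        # The server names the fault: recheck code, secret or redirect_uri.
        return "oauth_error:" + err
    # No RFC 6749 "error" member: the reply does not identify a bad parameter.
    return "non_oauth_error"


if __name__ == "__main__":
    # Constructed sample values; 403 is an assumed status for the thread's body.
    body, safe = build_token_request("CODE", "CLIENT_ID", "SECRET",
                                     "https://example.com/oauth/callback")
    print(safe)
    print(classify_token_response(403, '{"message": "forbidden."}'))
```

A `non_oauth_error` result on requests that previously succeeded, and that persists across a fresh app and a fresh secret as described above, is worth reporting to the provider with the log-safe body attached.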