Google OAuth “invalid_grant” because of URL-encoded format

Yusuf Biberoğlu
2 min readFeb 23, 2023

If Instead of decoding the the url received you copied directly the code and passed to your API you got “invalid_grant” error


Decode from URL-encoded format;


Send request after decoded as below;

The superglobals $_GET and $_REQUEST are already decoded. Using urldecode() on an element in $_GET or $_REQUEST could have unexpected and dangerous results.

You can get code value without decode URL in php example;



My Udemy Course;

Symfony application using Google OAuth for authentication. When a user signs in through Google, our system will check if the user already exists in our database. If not, it will create a new user account. Once authenticated, either as a new or existing user, our application will generate a JSON Web Token (JWT). Built on the API Platform.

If you want a detailed explanation, please purchase my Udemy course.

Discount Coupon: AD25A625CB8976085C88