While OAuth 2 provides a much simpler approach to authorization than its predecessor, OAuth 1.0a, you still might encounter signature issues and provider errors when going through the workflow to generate or work with an access token. Fortunately, there are some processes, tricks, and tips to help us develop scalable authorization flows that can appropriately handle most of the errors or use cases that come up.
As with the OAuth 1.0a token exchange process, one of the best debugging methods that you can implement is simply to compare the data that you are sending via GET, POST, or the HTTP request header to the service provider. The solution to a signature mismatch issue can be as easy as dumping the payload that you are sending along, but the most important thing you can do to prevent this error is to ensure that the data that you are sending at each step matches the content that the provider requires.
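One way to make that comparison routine is sketched below as an added example; it is not code from the original text. It checks a form-encoded token request body against an expected key set and masks credential values so the dump is safe to log. The function name check_token_request and the key tables are assumptions for illustration, based on RFC 6749, and the provider's documentation should override them.

```python
import difflib
from urllib.parse import parse_qsl

# Token-request keys per grant type, taken from RFC 6749 (assumes redirect_uri
# was sent in the authorization request). Adjust to the provider's own docs.
REQUIRED = {
    "authorization_code": {"grant_type", "code", "redirect_uri"},
    "password": {"grant_type", "username", "password"},
    "client_credentials": {"grant_type"},
    "refresh_token": {"grant_type", "refresh_token"},
}
OPTIONAL = {"client_id", "client_secret", "scope"}
SECRET = {"code", "password", "client_secret", "refresh_token"}


def check_token_request(body: str) -> dict:
    """Compare a form-encoded token request body with the expected key set."""
    pairs = parse_qsl(body, keep_blank_values=True)
    keys = [k for k, _ in pairs]
    sent = set(keys)
    grant = dict(pairs).get("grant_type")
    required = REQUIRED.get(grant, {"grant_type"})
    missing = required - sent
    unexpected = sent - required - OPTIONAL
    # An unexpected key that closely resembles a missing one is probably a typo.
    typos = {}
    for key in sorted(unexpected):
        match = difflib.get_close_matches(key, sorted(missing), n=1, cutoff=0.8)
        if match:
            typos[key] = match[0]
    return {
        "grant_type": grant,
        "missing": sorted(missing),
        "unexpected": sorted(unexpected),
        "likely_typos": typos,
        # RFC 6749 section 3.2: a parameter must not appear more than once.
        "duplicates": sorted({k for k in keys if keys.count(k) > 1}),
        # Safe to log: credential values are masked before the dump.
        "dump": {k: "<redacted>" if k in SECRET else v for k, v in pairs},
    }


if __name__ == "__main__":
    # Constructed sample request with a misspelled key (redirect_url).
    sample = ("grant_type=authorization_code&code=SAMPLE_CODE"
              "&redirect_url=https%3A%2F%2Fclient.example%2Fcb&client_id=sample-client")
    for field, value in check_token_request(sample).items():
        print(f"{field}: {value}")
```

Run the check on the exact body the client is about to send, before it leaves the process, so that the report reflects what the provider will actually receive.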
There are several common payload issues to watch out for, including:
Misspelling one or more of the required keys. This is a simple issue to resolve but comes up quite often.
Implementers of the OAuth 2 specification may veer away from the specification requirements (and what is listed in this overview) by implementing a slightly different required key set or key naming convention, or even an older version of the draft specification. This can create situations where you send along the keys required for a particular step in the ...