Stuck on a persistent 403 Forbidden response when attempting to exchange an authorization code for an access token using the OAuth2 token endpoint. Our AppFoundry partner application is designed to manage security compliance configurations across multiple Genesys Cloud organizations via multi-org OAuth flows. The application successfully redirects the user to the Genesys Cloud authorization server and receives the authorization code in the callback URL. However, the subsequent POST request to https://login.mypurecloud.com/oauth2/token fails with a 403 status code.
The error response body indicates that the client credentials provided in the request body are invalid or unauthorized for the specific scope requested. We have verified that the client_id and client_secret match the registered application details in the Genesys Cloud admin console for the partner organization. The scope requested is admin:organization:read, which should be sufficient for our use case. The issue appears to be isolated to the token exchange step, as the initial authorization request completes without error.
{
"code": "403",
"message": "The client credentials provided are invalid or unauthorized for the requested scope."
}
We are using the Genesys Cloud Platform API v2 endpoints and have tested this flow in both the US and EU environments. The problem persists across different organizations, suggesting it is not an issue with a specific tenant configuration. We have also confirmed that the redirect URI matches exactly with the one configured in the application settings. Any insights into potential misconfigurations or additional requirements for multi-org partner applications would be greatly appreciated.