#OAuth Issues with Redirect URI

When I try to get my access token in Python, I get the error:
{'error': 'invalid_grant', 'error_description': 'authorization code was issued for a different redirect_uri'} However, I am certain I am passing the redirect_uri exactly the same as in the /oauth endpoint. Anyone have any clue why this might be? Here is my code:

ROOT_URL = "https://lichess.org"
REDIRECT_URI = "http://localhost:8000"
CLIENT_ID = "My-Client"

def get_oauth_url(challenge):
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "code_challenge_method": "S256",
        "code_challenge": challenge,
        "scope": 'email:read'
    }
    return f"{ROOT_URL}/oauth?{urlencode(params)}"

def get_oauth_token(auth_code, verifier):
    body = {
        "grant_type": "authorization_code",
        "code": auth_code,
        "code_verifier": verifier,
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI
    }
    response = requests.post(f"{ROOT_URL}/api/token", data=body)
    return response.json()

def generate_pkce_codes():
    # Generate a random code verifier
    code_verifier = secrets.token_urlsafe(64)

    # Calculate the code challenge using SHA-256
    code_challenge = base64.urlsafe_b64encode(
        hashlib.sha256(code_verifier.encode("ascii")).digest()
    ).decode("ascii").rstrip('=')

    return code_verifier, code_challenge

if __name__ == '__main__':
    verifier, challenge = generate_pcke_codes()
    url = get_oauth_url(challenge)
    webbrowser.open(url)
    auth_code = input('Auth Code:').strip()
    token = get_oauth_token(auth_code, verifier)

Currently manually copying the code into the program for testing. Any help would be greatly appreciated

when you do requests.post(f"{ROOT_URL}/api/token", data=body)

what's the request body format?

https://lichess.org/api#tag/OAuth/operation/apiToken says it must be application/x-www-form-urlencoded

It should be in the correct format, from what I understand, the requests library converts the data dictionary to application/x-www-form-urlencoded when it sends it.

Also if I send an incorrect code on the endpoint I get an error saying so. So it is definitely parsing the payload correctly to some degree

One thing to try is to add a trailing slash to the redirect uri.
I remember I needed to add that at some point, but I don't remember what the error was when it wasn't included...
https://github.com/tors42/lichess-oauth-pkce-app/commit/02e013f1dfdbee66a1bcec4ebd2ab67b7db2d476

Oh my god that was it you just saved my life

Thank you!