I’m building a .NET APS (Forge) app using the 3-legged OAuth Authorization Code grant. I followed the official tutorial and implemented:
GetAuthorizationURL() → redirects to Autodesk login
GenerateTokens(code) → exchanges the code for tokens
RefreshTokens() → refreshes tokens
Issue: When clicking the login link, instead of the expected Autodesk sign-in or consent screen, I see:
go
signin.autodesk.com/request-error “Request error – There was a problem opening this page.”
The browser console shows:
vbnet
Synchronous XMLHttpRequest on the main thread is deprecated … Affected resources: request-error:304
I’ve confirmed:
callbackUrl is registered correctly in my APS app settings
The URL scheme matches
Client ID/secret are correct and working in 2-legged flow
No CORS or network issues
I’ve found similar reports of SSO misconfigurations or missing SAML attributes, but:
I’m using default Autodesk account login (no SSO configured)
2-legged OAuth works fine — only the 3-legged flow fails at login redirect
What I’ve tried:
Verified callback matches exactly (including trailing slashes)
Tested on a different browser and cleared cache/cookies
Ensured Content-Type: application/x-www-form-urlencoded and Basic Auth header are correct
Questions:
Is anyone else seeing users get this generic request-error page on 3-legged login?
Could this be a backend issue with signin.autodesk.com, or am I missing something in my code?
Are there hidden prerequisites (e.g., scopes, callback URL patterns, SSO flags) not listed in docs?
Happy to share code snippets if that helps. Thank you!
