Error during OAuth2 User-Agent Flow

I tried setting up a API connection with the API, but failed to do so using the User-Agent Flow.

The connection is working in Postman and I managed to get a connection when I send the API key in the Header.

For the User-Agent Flow I used the following setup:

I provided the correct client id and client secret and authorized the callback url on the bondora homepage.

Bondora does not provide a user endpoint so I left it blank.

When I start the login workflow in run mode (debug mode) I get redirected to the login of bondora and can succesfully log in and verify the scope. After verification I get redirected to my app’s homepage and get the following error message:

I tried to figure out what the problem is and could not get to a solution. Here are some of the thoughts I made on what might be going wrong:

There are some steps for the user-agent authorization:

  1. Send a GET request to the authorization endoint with the needed client id, scope and redirect url
  2. Enter your website specific credentials to login and authorize the GET request
  3. The website (Bondora) redirects you to the url entered during app registration or to the url provided in the request. The url’s must match partially. When redirected there will be a code in the url that will than have to be…
  4. …POSTed to the Token endppoint together with the client id and client secret to receive the access token

The Login is working well and I can see the code send by Bondora in the url so the first three steps must have been succesfull. I suspect there is an error when requesting the access token. A wild guess is that there is something wrong with the redirect url’s as they appear to be converted to asci twice (%2520 was originally a space)

I am sorry if this question is trivial, but I’m not very familiar with the processes in behind.

You can find the API documentation under

Kind regards

This should help:

Also if you want to work on this together, let me know.
I have not made any head way with the code myself, although I have been looking at the various filters etc… so if interested we can share thoughts.