Help with Merchant POST Authorization

I am having trouble obtaining a valid authorization response following merchant authorization.

I am following this page guide but doesnt seem to work.
https://poynt.github.io/developer/cloud/integrating-with-poynt-cloud-apis.html#authorize-merchant

Steps 1-12 I have completed successfully without an issue.

I am not getting past step 13 however. I am confused because Ive tried several different approaches but none are working. Here is my PHP code I am using, i will show you both approaches.

//Here I am passing a self signed JWT that I created using the correct claim parameters and encoded RS256 (I know the JWT is correct because when I authenticate with the application, I am getting a proper JSON response. see below)

//here is the client auth redirect function which handles the json post data and then pushes
// the code value into the next authorization request, as the guide tells me to do.

public function authorization_redirect(){

$returnPOST = $this->input->get();
//var_dump($returnPOST);
$this->ajaxdata['businessID'] = $returnPOST['businessId'];
$this->ajaxdata['code'] = $returnPOST['code'];
$status = $returnPOST['status'];

//$accessJSON = send_curl();
echo "<h1>AUTHORIZATION RETURN DATA</h1>";
var_dump($returnPOST);

if($status=='success'){
echo "<h2>ATTEMPTING TO GET JWT ACCESS TOKEN</h2>";
$this->jwt_api_poynt();
}

}

/**
* Used after initial client authorization is complete to
* generate JWT accessToken for all successive API calls	
*/
public function jwt_api_poynt(){
//get signed JWT from app JWT which
//$tokenJSON = $this->send_jwt_curl($this->firebase_jwt_rsa());
$tokenJSON = $this->firebase_jwt_rsa(); //this creates my encoded JWT
var_dump($tokenJSON);

$this->ajaxdata['accessToken'] = $tokenJSON->accessToken;	
$this->send_api_curl($tokenJSON);
}

public function send_api_curl($tokenJSON=NULL){

$authorization = "Authorization: Bearer " . $tokenJSON;
//$authorization = "Authorization: Bearer " . $tokenJSON->accessToken;

$data = http_build_query(array(
'grant_type' => 'authorization_code',
'redirect_uri' => site_url('ajax/poynt_api_redirect'),
'client_id'=> $this->ajaxdata['client_id'],
'code' => $this->ajaxdata['code']
));

echo '<h2>Authorization JWT Signed</h2>';
echo $authorization;
echo '<h2>Code Access Token</h2>';
echo $this->ajaxdata['code'];
echo '<h2>JSON Data Array</h2>';
echo $data;

$ch = curl_init();

curl_setopt($ch, CURLOPT_URL, 'https://services.poynt.net/token');
curl_setopt($ch, CURLOPT_HTTPHEADER, array(	'Accept: application/json', $authorization));	
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST"); 
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); 
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);

$information = curl_getinfo($ch);
//var_dump($information);
//return false;

$result = curl_exec($ch);
curl_close($ch);

echo '<h1>AUTHORIZATION RETURN DATA</h1>';
var_dump(json_decode($result));

return json_decode($result);	

}

Here is the response I am getting

object(stdClass)#24 (5) { ["code"]=> string(19) "UNAUTHORIZED_ACCESS" ["httpStatus"]=> int(401) ["message"]=> string(49) "Access not authorized for the requested resource." ["developerMessage"]=> string(39) "Authorization code is not a valid code." ["requestId"]=> string(36) "cfbef920-6a93-402d-997d-35140317081f" }

Ok, so instead I try sending a POYNT SIGNED APP JSON accessToken

//Here is the response from my application authorization to /token using my self signed JWT, you can see the server is sending me an accessToken.

object(stdClass)#24 (5) { ["expiresIn"]=> int(86400) ["accessToken"]=> string(815) "eyJhbGciOiJSUzI1NiJ9.eyJhdWQiOiJ1cm46YWlkOmExZGUyODI5LTk1YWUtNDI2ZS05MDA5LWE3NzdhYzY2OTYzMiIsInN1YiI6InVybjphaWQ6YTFkZTI4MjktOTVhZS00MjZlLTkwMDktYTc3N2FjNjY5NjMyIiwicG95bnQuc2N0IjoiSiIsInBveW50Lm9yZyI6IjY0YTQzMGFkLWU3YmYtNDY3Yi1iMWY2LTJkM2U4Y2MwMmVkMyIsImlzcyI6Imh0dHBzOlwvXC9zZXJ2aWNlcy5wb3ludC5uZXQiLCJwb3ludC5raWQiOjYxNTUyNDYxNTI4MjcxNDE3NzcsInBveW50LmF0eSI6IlMiLCJleHAiOjE1NTA4NDc3MDEsImlhdCI6MTU1MDc2MTMwMSwianRpIjoiNDkzMGFlMzYtMTk1NC00NDI5LWJlODgtNTZkZWY5ZmE4OGZkIn0.xU_XVl6GBdwt5MLQfRWhCXBEpk5ByIPm3k0QBW6UT4cZif5uJo0pFI0cGSOk7LUokNAZzJRppEe8LHIUv49YjnG2OIJD4CeoHy--iWnDpk73h_CZ_pwj000P1GRJ0OVOReFIzvYHlxR9n0fUOIEfRo4wdmiH646Gt5IOCscViuVJ0BrWtMsyxD8iyWkMOLkXXpNKTzB-W4ShOs1ePdXoKVFax3qpv73F3rEbr3Z6bjYLx0IQEYL3l7IxS1fl2EYscDd46WMoml8xZKUsse30rWFMn10M2s_VUeUno_RP4IsYRnIjMLEEj-IjHR0-qImvabLvTpqhqMLguNogcaAwyQ" ["refreshToken"]=> string(136) "1:2:1:2:MLLq0dM/1Tgl7DUyq0Y0pmQUMHu3ObOmGchEp5mvVtafvXmKOWN7SxJfNRfZvRxqMq0gxWMzehFdWv6cYMuJst9lxNuPOL0J31yDqqCmQEnXUBrhvGCE9kIECC56HpOB" ["scope"]=> string(3) "ALL" ["tokenType"]=> string(6) "BEARER" }

I extract the accessToken and use it in my header like this

$authorization = "Authorization: Bearer " . $tokenJSON->accessToken;

but the response I am getting is

object(stdClass)#25 (5) { ["code"]=> string(17) "INVALID_PARAMETER" ["httpStatus"]=> int(400) ["message"]=> string(30) "Parameter provided is invalid." ["developerMessage"]=> string(102) "Issuer not application type cannot use authorization code grant. Issuer is: https://services.poynt.net" ["requestId"]=> string(36) "f2c4c479-f8cb-483b-8ec1-70fa74d1f448" }

What is going wrong here?

I got it working. My code was correct, I just had to clear cookies/cache and re-authorize my test merchant account.

Same response exactly what I was hoping for.

object(stdClass)#24 (5) { [“expiresIn”]=> int(86400) [“accessToken”]=> string(911) “eyJhbGciOiJSUzI1NiJ9.eyJhdWQiOiJ1cm46YWlkOmExZGUyODI5LTk1YWUtNDI2ZS05MDA5LWE3NzdhYzY2OTYzMiIsInN1YiI6InVybjphaWQ6YTFkZTI4MjktOTVhZS00MjZlLTkwMDktYTc3N2FjNjY5NjMyIiwicG95bnQudWlkIjo5NjA5NTkxMiwicG95bnQuc2N0IjoiSiIsInBveW50Lm9yZyI6IjY0YTQzMGFkLWU3YmYtNDY3Yi1iMWY2LTJkM2U4Y2MwMmVkMyIsInBveW50LmJpeiI6IjNlMGQwZjczLTYxMzAtNGU2ZC04YWU1LTVjNzg5OTA3ODg3MSIsImlzcyI6Imh0dHBzOlwvXC9zZXJ2aWNlcy5wb3ludC5uZXQiLCJwb3ludC5raWQiOjYxNTUyNDYxNTI4MjcxNDE3NzcsInBveW50LmF0eSI6IlMiLCJleHAiOjE1NTA4NDk5MjgsImlhdCI6MTU1MDc2MzUyOCwianRpIjoiYWMzN2YzY2YtOWYyZi00MTgzLWI5MTItN2M5ODRjMjUyMzYxIn0.EzknhPEOirxuZ0l_us9xUNrm2bd9KmU5ZH3-YLP5rNmlg55K5IplnDpeCJK7RDTWL5ID31zeYwJAdAgoBA4febA_RpEQYfZ10tItrE-JUzF5JdQVEz40tXkY4L12MyTlZisfb1wkH3N3smwWvR4ujqzac87tC3GslFMGMWSKDubNzj1PLLAlluQZW1H4mf6z7KHiodI5BxBBE8LPHWIgD8TE5hGLxe79MHE1UJWkQ-mPbTqpB8qdtgKYuRchrouWQzFcbomgvEykmyy4mS3zsx4HhzRpQNfXgnsWxQOYazzZ0EvZY5rxbbvr7cxKAjMGoei4YI6X9Gxfj_cpkPR2Hw” [“refreshToken”]=> string(116) “1:2:1:2:EJLme54TrYspQo3aS5qrP2lRahaw9UivADzl7wb45lPAa5kToBEsUxT+ZPQp6hz0jjnhAZMJDVyebksyxgUN/7K8DVd5ISPMVJs2RmSELN0=” [“scope”]=> string(3) “ALL” [“tokenType”]=> string(6) “BEARER” }