Users unable to complete setup due to Error: Bad Request: missing parameter: ‘code’

Bug Description

There have been multiple reports over the past few days of users encountering an Error Bad Request: Missing parameter: ‘code’ error during plugin setup. This occurs when clicking on the “Continue” button at the OAuth stage.

There were reports of a similar error previously, with various different causes. In these cases the error was slightly different - invalid parameter: 'code' (screenshot) This has been documented internally and in some cases there has been a “re-do the plugin set up” option which did allow users to proceed.

One user (Not the original poster) was able to successfully complete setup after re-attempting. In this users cases they has encountered a 400 error on a Site Kit URL: https://sitekit.withgoogle.com/v2/site-management/setup/ 400

Another user who we suspect may be encountering the same reporting the below, indicating a possible permissions error. Another user, however, did specifically state they granted all permissions yet they encounter the same: https://example.com//?oauth2callback=1&authuser=0&error=access_denied&prompt=consent

Other users have reported the same after a site reset and after using the Health Check & Troubleshooting plugin, meaning no other plugins other than Site Kit active. Adam has tested the same hosting provider used by one reporter, without encountering any issue. Troubleshooting ongoing.

Reports:

• https://wordpress.org/support/topic/error-bad-request-missing-parameter-code | Open | SH info
• https://wordpress.org/support/topic/error-bad-request-missing-parameter-code-2 | Open | No SH info
• https://wordpress.org/support/topic/stuck-on-a-loop-set-up-site-kit/ | Open | SH info
• https://wordpress.org/support/topic/cant-install-sitekit-bad-request-missing-parameter-code-2 | Open | No SH info
• https://wordpress.org/support/topic/site-kit-error-bad-request-missing-parameter-code-2/ | Open | No SH info

It’s possible the below may also also experiencing the same error, based on the experience, with no mention of this specific error in the dashboard:

• https://wordpress.org/support/topic/accessdenied | Open | No SH info

Insights & Troubleshooting Checks performed

• Health Check & Troubleshooting plugin check - Same occurs
• Uninstalled and reinstalled plugin
• User confirmed no ““Critical errors”” in their Site Health status
• Attempted setup/viewing dashboards from another device
• Temporary disabled WAF rules at host level - including ModSecurity
• Checked site setup and dashboard from another WordPress site on the same hosting platform
• Reset Site Kit - Same occurs
• Reset previous site records (on the SK service)
• Disconnected Site Kit
• Checked does the same occur from another WordPress administrator account

Additional Context

• Recent reports all started with SK 1.73.0
• Unknown if these recent reports were all first time setup’s at this point
• Unknown if all the same hosting platforms at this point
• Unreproducible in support during testing so far

Do not alter or remove anything below. The following sections will be managed by moderators only.

Acceptance criteria

Implementation Brief

Test Coverage

QA Brief

Changelog entry