Refer to the API Authentication docs; there are a great many things wrong with the URL in the question (at least 5).
For starters, it's to the wrong path. stackoverflow.com/oauth/authorize gives helpful messages/results like:
-
Oops! Something Bad Happened!
-
Authorization attempt not valid for current user
-
Authorization attempt unauthorized
-
Couldn't parse ticks (etc)
None of these messages hint at the real problems.
Anyway the correct URL per the (incorrect) docs is https://stackoverflow.com/oauth/dialog.
But it's more correct to use: https://stackexchange.com/oauth/dialog.
All the extra and redundant parameters you were passing are normally ignored (or sometimes throw an error).
The correct way to get an access token is like:
https://stackexchange.com/oauth/dialog?client_id=14702&scope=no_expiry&redirect_uri=https://stackexchange.com/oauth/login_success
(Click it and see)
If you want to pass additional security values, they must be the state parameter.
For example, calling:
https://stackexchange.com/oauth/dialog?client_id=14702&scope=no_expiry&redirect_uri=https://stackexchange.com/oauth/login_success&state=nonce=HDE6GdCU,ticks=636889445649720585
Note the comma-separated values.
The above call yields:
https://stackexchange.com/oauth/login_success#access_token=nUh_no_peaking_f8xkByw))&state=nonce%3dHDE6GdCU%2cticks%3d636889445649720585
Where state decodeURIComponent decodes to: state=nonce=HDE6GdCU,ticks=636889445649720585 (the value passed in).
