I am getting the Invalid Redirect URI while trying to authenticate. This is the first step to authenticating on the guide and I have literally copy-pasted the code into my browser and subbed in my Application Domain and Application ID and it says Please enter a valid redirect_URI. https://connect.deezer.com/oauth/auth.php?app_id=MyAppID&redirect_uri=MyRedirectURI
I had the same problem until I found out that unlike any other music streaming service, Deezer does not allow (or it's a bug) redirect uris that
contain a port like localhost:9000/deezer/callback
have a subdomain like cheapuri.noip.me
I guess co.uk then won't work either
It seems that the only thing that is working are "normal" uris like api.com.
The way I work around this when developing:
Let Deezer redirect you to some non existing uri, then change the uri in the browser bar.
I would double check that the redirect_uri in your /oauth request URL matches exactly that which is referenced in your oauth configuration/whitelist settings for Deezer.
Even the smallest difference like http vs https or including wwww., etc. can throw an error. You might find some of the tips in this OAuth Troubleshooting Guide helpful for other common OAuth errors to check, too!
The first item in that guide covers some common invalid redirect errors.
Related
I'm trying to configure a new Okta application with a callback URL that will depend on the tenant's subdomain. Meaning I need the same Okta app to accept redirection (using the redirect_uri parameter) to https://0001.my.domain.com/oauth2/callback, https://0002.my.domain.com/oauth2/callback and so on. Notice the 0001 and 0002 subdomains. This may seem strange, but it's for demo purposes. The point is to avoid having to set up a different Okta app per tenant.
Okta's own docs on the subject read:
Does your Initiate Login URI vary by tenant? — If Yes, enter which part of the Initiate Login URI is customizable. For example, the subdomain in https://<subdomain>.example.com/signin/.
However, when I try to do this I run into an error complaining that:
The redirect URIs must be absolute URIs.
Maybe I'm just reading this wrong, but I take it to mean that variables/placeholders are supported.
I've searched the rest of the Okta docs but found no additional information on the subject.
If Okta let you do this, it would not be OAuth 2.0 compliant.
See https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics-16#section-2.1:
When comparing client redirect URIs against pre-registered URIs, authorization servers MUST utilize exact string matching except for port numbers in "localhost" redirection URIs of native apps.
https://learn.microsoft.com/en-us/onedrive/developer/rest-api/getting-started/graph-oauth?view=odsp-graph-online#step-1-get-an-authorization-code
I have followed this step to a tee, login with success, get redirected, and there is no code with the redirect url as the tutorial promises.
The following link is my version with the credentials.
https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=a383dd3b-8306-4902-93d3-f5a33fe4a445&scope=Files.Read&response_type=code&redirect_uri=https://login.microsoftonline.com/common/oauth2/nativeclient
I get taken to this page and sign into an account under the same namespace. Login view
After signing into a proper login, all I get in return is redirected to my redirect URI with no code attached to the end like the tutorial says I should. All I need is access to 3 files on my onedrive, but I can't seem to make it past OAuth2. Here is what I get redirected to. https://login.microsoftonline.com/common/oauth2/nativeclient
From first look it seems that the redirect_uri is wrong. This should be the endpoint where you receive the authorization code and then exchange it for the rest of the OAuth process.
I work with Pathfix and we solve the problem of OAuth token management using a serverless infrastructure.
To summarize, here is what your url should look like
https://login.microsoftonline.com/common/oauth2/v2.0/authorize?
client_id=a383dd3b-8306-4902-93d3-f5a33fe4a445&
scope=https://graph.microsoft.com/Files.ReadWrite.All%20offline_access&
response_type=code&
redirect_uri=https://your endpoint
An additional note on the scope. Note above that the scope definition for token should be as I have specified above
It all works the same. I just made sure my app was open to all tenants and replaced the .com with .us in all links but the redirect uri. Hopefully, this helps someone else. For example, my data is on a sharepoint, but the microsoft graph api works the same for all accounts with a difference in .us, .com, and few others.
I'm getting a redirect uri error for google authentication even when I've already placed the EXACT url in the google dev console config settings. Anybody know what could trigger such an error?
Below are screenshots of the error. I have the exact uri authorized in the settings yet trying to authenticate leads to a redirect_uri error!
I just figured this out. If you're ever as dumb as me and your google app has multiple client IDs you could be using a different client ID for authorization then the one you're setting your redirect uri to. When you're changing the redirect uri, check to see if you have another client_id and set the redirect_uri for that.
I created a Google OAuth 2.0 ClientID and secret in Google Developer console
After that I tested in Google OAuth playground (https://developers.google.com/oauthplayground).
and registered ClientID and secret already created above and applied to Google OAuth 2.0 playground setting menu.
Some people say that after creating ClientID/secret they need some time for testing. So after two days I tried to test in the same conditions but the error is same redirect_uri_mismatch.
How can I solve this?
As little as having a '/' at the end of your uri and not having the same '/' at the end in your code will throw it off.
Your site URL and the Authorized redirect URIs in developer console should be the exact match.
This kind of error occurs if one URL has www (http://www.example.com) and the other URL is non-www (http://example.com).
Other common URI mismatch are:
Using http:// in Authorized Redirect URIs and https:// as actual URL, or vice-versa
Using trailing slash (http://example.com/) in Authorized Redirect URIs and not using trailing slash (http://example.com) as actual URL, or vice-versa
Here is the step-by-step procedure (with screenshots) to update the Authorized redirect URIs in Google Developer Console (For those like me who found it difficult to get to that page).
Go to https://console.developers.google.com
Select your Project
Click on the menu icon
Click on API Manager menu
Click on Credentials menu. And under OAuth 2.0 Client IDs, you will find your client name. In my case, it is Web Client 1. Click on it and a popup will appear where you can edit Authorized Javascript Origin and Authorized redirect URIs.
Here is a Google article on creating project and client ID.
It should be a exact match what you have given in the console.developers.com.
In my case I missed the www in the url.
For eg: you have given http://www.google.com but in console.developers.com you gave http://google.com
It will still throw error. So it should be exact match.
The redirect URI (where the OAuth response is returned to) has to be registered in Google APIs console, and the error is indicating that you haven't done that, or haven't done it correctly.
Go to the console for your project and look under API Access. You should see your client ID & secret there, along with a list of redirect URIs. If the URI you want isn't listed, click edit settings and add the URI to the list.
I kept getting this same error until I realized that I needed to put "signin-google" at the end of the redirect setting in the Google API console, like this (ie, NOT http://www.example.org/api):
http://www.example.org/api/signin-google
(Magento 1.*) if You use inchoo Social Connect Magento extension then:
Set below url in your google app (OAuth 2.0 client IDs):
Authorized Redirect URIs: http://www.example.com/socialconnect/google/connect/
Authorized JavaScript Origins: http://www.example.com
Don’t forget to replace http://www.example.com with your domain
Please make sure that in your google-client-api, the value of credentials in these field are matched as what you got from Google API console:
$client->setClientId('xxx.apps.googleusercontent.com');
$client->setClientSecret('xxx');
$client->setRedirectUri('http://example.com/oauth2callback');
$client->setDeveloperKey('xx');
This could happen when the value of setRedirectUri is different from the one you set in Google API console.
I am Creating and Authorizing an OAuth Token according to this webpage: https://code.google.com/p/google-mail-oauth2-tools/wiki/OAuth2DotPyRunThrough
But I got this error: redirect_uri_mismatch.
The redirect URI in the request: urn:ietf:wg:oauth:2.0:oob did not match a registered redirect URI
from_login=1
cookie_policy_enforce=false
scope=https://mail.google.com/
response_type=code
access_type=online
redirect_uri=urn:ietf:wg:oauth:2.0:oob
as=-80019291b2cb8ed
display=page
pli=1
client_id=......
authuser=0
hl=en
I thought this might be helpful: Google OAuth 2 authorization - Error: redirect_uri_mismatch
But when I try to register the redirect url to my console, I was told that the url is invalid.
The redirect_uri (urn:ietf:wg:oauth:2.0:oob) is only applicable to those Google client ids that have been generated for installed applications. You can go to your console and create a new client id of this type.
Just in case if you're using Google+ javascript button (with web application), you have to put postmessage instead of actual URI. It takes me almost whole day to figure out this, because Google docs doesn't clearly stand it for some reason.
For my web application i corrected my mistake by writing
instead of : http://localhost:11472/authorize/
type : http://localhost/authorize/
When you register your app at https://code.google.com/apis/console and
make a Client ID, you get a chance to specify one or more redirect
URIs. The value of the redirect_uri parameter on your auth URI has to
match one of them exactly.
Please note that the 'redirect_uri' value of the Token request need to be the same as the 'redirect_uri' value of the Authorization request.
Lost 4 or 5 hours with this... use 'postmessage' as parameter value, not the real Redirect Uri...
$client->setRedirectUri('postmessage');
For anybody that is still stumped with this problem, you must have the 'Platform' set to 'Native (Windows Mobile, Blackberry, desktop, devices, and more)' when registering your app in the Google Cloud Console, otherwise, it will not let you use 'urn:ietf:wg:oauth:2.0:oob' as the redirect URI.
In my case, instead of creating web app, i just chose Other in:
OAuth Client ID > Other
and thats it.
2015July15 - working signin started causing Error 400 with Error: redirect_uri_mismatch
i posted a solution on a similar SO QUESTION: changed loading script to
<script src="https://apis.google.com/js/client:platform.js?onload=startApp></script>
For my native app, I tried dozens of different things. I finally got it to work by using "redirect_uri=http%3A%2F%2Flocalhost%3A1234" where 1234 is the port number. This has to be identical in the two requests (authorization code and the access token). Notice the use of percent encoding.
I was getting this error, because I was incorrectly following the steps for installed application flow here
https://github.com/googleads/googleads-python-lib/wiki
instead of the server to server flow.
The easiest way is to create the service account.
Create the document using your own account and share it with the service account.
redirect_uri must be an EXACT MATCH on the developers console.
In my case, this was due to a trailing slash( / ).
In the Google Cloud console, I had http://localhost:8080 under the redirect URIs in the list while my code was sending http://localhost:8080/ while making the oAuth call.