Redirect uri invalid
283 views
Skip to first unread message
Giri
May 4, 2015, 4:22:57 PM5/4/15
to clever-de...@googlegroups.com
I put redirct uri as demo.mydomain.com/oauth. When i append this as redirect_uri, I get following message
invalid_request- redirect_uri is not valid.
Do you know what could be the problem? Also, if I wan to run from localhost, I specified localhost:8080/oauth. It also gives same problem. How do I test from local host? I don't understand how clever can do redirection to localhost.
invalid_request- redirect_uri is not valid.
Do you know what could be the problem? Also, if I wan to run from localhost, I specified localhost:8080/oauth. It also gives same problem. How do I test from local host? I don't understand how clever can do redirection to localhost.
Taylor Singletary
May 22, 2015, 10:23:23 AM5/22/15
to clever-de...@googlegroups.com, sukumar...@gmail.com
Giri,
I just wanted to make sure you and anyone else reading got a public response to this great question -- thank you for also writing in to our support system, where our team worked further with you on this.
For posterity, here's a little bit of guidance specifically on redirect URIs:
1. Any time one of our OAuth methods (like /oauth/authorize or /oauth/tokens) asks you to provide a redirect URI, that value must match a redirect URI you've specified in your application record, exactly. No query parameters may change, no ports may change, no subdomains may change.
2. Our redirect URIs must be fully qualified -- a protocol must be present, such as http:// or https:// -- production apps must use HTTPS and development apps may use HTTP to make development easier.
3. If you need to test in multiple environments, such as localhost and demo.mydomain.com, populate your redirect URIs in your application with each variation: http://localhost:8080/oauth, https://demo.mydomain.com/oauth.
4. When you do provide redirect URIs to us in query strings or standard POST bodies, make sure you're encoding the redirect_uri value according to RFC 3986. Most web programming environments provide methods to do this easily. Not encoding your redirect URI will invalidate it.
5. The first redirect URI you specify is kind of special. When a district authorizes your app, we'll send it a request very similar to requests we send with students and teachers, except there will be no user. We call this a headless ping. For this functionality to work, you need your first URI position to be a URL accessible to our servers, which means on the public internet (not your localhost) and when using SSL, the certificate must be fully signed.
Thanks,
Taylor Singletary
Clever developer relations
Reply all
Reply to author
Forward
0 new messages