Invalid parameter: redirect_uri

Byrne Reese

Jan 1, 2014, 4:39:04 AM
to disqu...@googlegroups.com
Not sure what I am doing wrong here. I am using node.js to authorize a user via OAuth (server side). I keep getting the following error:

Response: {"error_description":"Invalid parameter: redirect_uri","error":"invalid_grant"}

Here is my debug output:

obtaining oauth token for code: 6f052be098894a6798deec4a6470d967
data: " redirect_uri=http%3A%2F%2Flocalhost%3A4000%2Fbegin&grant_type=authorization_code&client_id=xxxxxxxx&client_secret=xxxxxxxx&code=6f052be098894xxxxxxec4a6470d967"
Response: {"error_description":"Invalid parameter: redirect_uri","error":"invalid_grant"}

Here is my code:

    var https = require('https');
    var querystring = require('querystring');

    this.disqus_auth = function (req, resp, params) {
        var self = this;
        var code = params.code;
        console.log("obtaining oauth token for code: " + params.code);
        // Form body for the token request
        var post_data = querystring.stringify({
            'redirect_uri' : 'http://localhost:4000/begin',
            'grant_type'   : 'authorization_code',
            'client_id'    : geddy.config.disqus_apikey,
            'client_secret': geddy.config.disqus_secret,
            'code'         : params.code
        });
        console.log('data: "',post_data+'"');
        var post_options = {
            host: 'disqus.com',
            port: 443,
            path: '/api/oauth/2.0/access_token/',
            method: 'POST',
            headers: {
                'Content-Type': 'application/x-www-form-urlencoded',
                // Content-Length is a byte count, not a character count
                'Content-Length': Buffer.byteLength(post_data)
            }
        };
        // Set up the request
        var post_req = https.request(post_options, function(res) {
            res.setEncoding('utf8');
            res.on('data', function (chunk) {
                console.log('Response: ' + chunk);
            });
        });

        // post the data
        post_req.write(post_data);
        post_req.end();

    };

Burak Yiğit Kaya

Jan 2, 2014, 12:48:32 PM
to disqu...@googlegroups.com
Well, you don't need (and cannot use) a redirect URL when obtaining a valid token for an OAuth approval code. The example request on our API page lists `redirect_uri` for the access_token request which doesn't look accurate.

I'll get it fixed, thanks for the heads up and sorry for the confusion! :)


--
BYK

Byrne Reese

Jan 3, 2014, 12:04:58 AM
to disqu...@googlegroups.com, Burak Yiğit Kaya
Thanks for looking into this!

FYI - removing this parameter from the requests results in a different error: 

{"error_description":"Missing required parameter: redirect_uri","error":"invalid_request"}
-- 
Byrne Reese

Burak Yiğit Kaya

Jan 3, 2014, 4:47:02 AM
to Byrne Reese, disqu...@googlegroups.com
Yeah, sorry about that. Apparently I don't know how to read specs lol.

You need this parameter if you have passed it with your first, "code request" and they should be the same as my colleague Ted dug out: http://tools.ietf.org/html/rfc6749#section-4.1.3.
The error message we provided was a poorly worded one, which we aim to fix.


--
BYK

Byrne Reese

Jan 3, 2014, 12:12:07 PM
to disqu...@googlegroups.com, Burak Yiğit Kaya
That fixed the problem. OMG - thank you!

Setting the redirect_uri to the same in both places fixed everything.
-- 
Byrne Reese
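
The rule from RFC 6749 section 4.1.3 that resolved the exchange above, seen from the authorization server's side. This is an added example, not Disqus code and not code from any poster; `issueCode`, `redeemCode`, the in-memory store and the `client.example` URLs are hypothetical, and client authentication is assumed to happen elsewhere.

```javascript
const { randomBytes } = require('crypto');

const codes = new Map(); // code -> { clientId, redirectUri, expires }

const fail = (error, error_description) =>
  ({ status: 400, body: { error, error_description } });

// Authorization request: bind the new code to the client and to the
// redirect_uri it supplied (null when the request carried none).
function issueCode(clientId, redirectUri) {
  const code = randomBytes(16).toString('hex');
  codes.set(code, { clientId, redirectUri: redirectUri || null,
                    expires: Date.now() + 60 * 1000 });
  return code;
}

// Token request: `params` is the decoded form body. Client authentication
// (client_secret) is assumed to have been checked before this point.
function redeemCode(params) {
  const grant = codes.get(params.code);
  codes.delete(params.code); // a code is consumed by its first presentation
  if (!grant || grant.clientId !== params.client_id || grant.expires < Date.now()) {
    return fail('invalid_grant', 'Unknown, expired or already used code');
  }
  if (grant.redirectUri !== null) {
    if (!params.redirect_uri) {
      return fail('invalid_request', 'Missing required parameter: redirect_uri');
    }
    // Exact string comparison: no prefix match, no normalisation.
    if (params.redirect_uri !== grant.redirectUri) {
      return fail('invalid_grant', 'redirect_uri differs from the authorization request');
    }
  }
  return { status: 200, body: { access_token: randomBytes(32).toString('hex'),
                                token_type: 'bearer' } };
}

// Constructed sample values: the three token requests tried in this thread
// (different redirect_uri, no redirect_uri, identical redirect_uri).
function demo() {
  const cb = 'https://client.example/callback';
  const attempt = (extra) => redeemCode(Object.assign(
    { grant_type: 'authorization_code', client_id: 'demo-client',
      code: issueCode('demo-client', cb) }, extra)).body.error || 'ok';
  return [attempt({ redirect_uri: 'https://client.example/begin' }),
          attempt({}), attempt({ redirect_uri: cb })];
}
```

Binding the code to the exact redirect_uri means a code delivered to one callback cannot be redeemed by a request that names a different one.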

Chris Morton

May 15, 2014, 8:06:43 AM
to disqu...@googlegroups.com
SERIOUSLY the disqus API SUX big nuts...i have been tackling it for 3 days now and have had nothing but trouble. i am a developer with 10 years experience and have integrated many other services, none of them have given me as much trouble as DISQUS. luckily for you our customer is insisting we use disqus...if it was up to me i would drop it like a hot potato...

anyway did anyone find a solution for this error:  {"error_description":"Invalid parameter: redirect_uri","error":"invalid_grant"}

from my  AS PER the useless DISQUS documentation auth request url:


here is a dump:

    "https://disqus.com/api/oauth/2.0/access_token/?grant_type=authorization_code&client_id=sS4ev3TiAT4EHLOhzrVTJSKmZKv2aVDLzPJ3dSbTOuuntgG6ZG5A2lsHeIj9EGPE&client_secret=3kxlilB6r8SHpQDuwiE7wC8G4gvb6zwOH5cQzhCX5oZbEO4RLTpKX8bGxtm6yAnU&redirect_uri=http%3A%2F%2Fone.om%2Fdisqus-testingpage&code=66d42290746b4128b21161cf1f79f0a1"
    string(494) "HTTP/1.1 100 Continue

    HTTP/1.1 400 BAD REQUEST
    Server: nginx
    Date: Thu, 15 May 2014 11:59:00 GMT
    Content-Type: application/json; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
    Expires: Thu, 15 May 2014 11:59:00 GMT
    Vary: Cookie
    Last-Modified: Thu, 15 May 2014 11:59:00 GMT
    Cache-Control: max-age=0
    X-Frame-Options: SAMEORIGIN
    p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"

    {"error_description":"Invalid parameter: redirect_uri","error":"invalid_grant"}
    "

Burak Yiğit Kaya

May 15, 2014, 8:21:25 AM
to disqu...@googlegroups.com
The error message is pretty clear about the cause I think. Drop the `redirect_uri` parameter from your `authorization_code` request and it should be good.


--
BYK

Chris Morton

May 15, 2014, 8:25:59 AM
to disqu...@googlegroups.com
yes fixing the url to the original request url works...DISQUS if you want developers to support ur API please update ur documentation and make your api more robust with proper error messages...

here is my code for any developers forced to work with this inferior API:

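function loginSSO () {
    // Array keys must be quoted strings; a bare HTTP_HOST is read as an undefined constant.
    $url = 'http://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
    // Initialise the strings that are appended to further down.
    $lhtml = '';
    $html = '';
    $soojs = '';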
    if (!empty($_SESSION['user']['_id'])){
      
        $data = array(
               "id" =>$_SESSION['user']['_id'],
               "username" =>$_SESSION['user']['name'],
               "email" =>$_SESSION['user']['email']
           );
    
        $message = base64_encode(json_encode($data));
        $timestamp = time();
        $hmac = self::dsq_hmacsha1($message . ' ' . $timestamp, DISQUS_SECRET_KEY);

        // Parameters of the authorization ("code") request
        $fields = array(
            'client_id'=>DISQUS_PUBLIC_KEY,
            'remote_auth_s3'=>$hmac,
            'scope'=>'read,write',
            'response_type'=>'code',
            'access_token'=>DISQUS_ACCOUNT_OWNER_ACCESS_TOKEN,
            'redirect_uri'=>urlencode(self::trimquerystring('http://'.$_SERVER['HTTP_HOST'].'/disqus-iframe'))
        );

        $fields_string = '';
        foreach($fields as $key=>$value) { $fields_string .= $key.'='.$value.'&'; }
        $fields_string = rtrim($fields_string, "&");

        // $aurl (the OAuth endpoint URL) is not defined in the posted code.
        $authurl = $aurl.$fields_string;

        echo '<iframe src="'.$authurl.'" style="display: none;" id="disqusiframe"></iframe>';

        if (!empty($resp)) {
         // var_dump($resp);  
            
        }
        
        
     
    }
    else {
        $lhtml = '
       
        <div>
        To automatically login to one.om to use Disqus using your one.om account.<hr/>
        </div>';
    }
  
  
  $sso = self::dsq_sso();
  
  if ($sso) {
            foreach ($sso as $k=>$v) {
                $soojs .=  "this.page.{$k} = '{$v}';\n";
            }
       
    }

    $html .= '
    <div id="disqus_thread"></div>
    <script type="text/javascript">
      var authcodeval;
      $(function() {
        var cookiestring = RegExp("disqusauthcode[^;]+").exec(document.cookie);
        authcodeval = unescape(!!cookiestring ? cookiestring.toString().replace(/^[^=]+./,"") : "");
        var url = window.location.search;
        console.log(url);
        // String.match() returns null when nothing matches, so test with indexOf instead of .length
        if (authcodeval && url.indexOf(\'code\') === -1) {
          window.location.href = window.location.href + \'?code=\' + authcodeval;
        }
      });
      
    </script>
    
    
      <script type="text/javascript">
      
/* * * CONFIGURATION VARIABLES: EDIT BEFORE PASTING INTO YOUR WEBPAGE * * */
var disqus_url = \''.$url.'\';
var disqus_identifier = \''.self::dsq_identifier_for_post().'\';
var disqus_container_id = \'disqus_thread\';
var disqus_domain = \'disqus.com\';
var disqus_shortname = \''.self::getshortname($url).'\';
var disqus_title = \''.self::getpagetitle($url).'\';
//var config = this;
    
/* * * DON\'T EDIT BELOW THIS LINE * * */
(function() {
   var dsq = document.createElement(\'script\'); dsq.type = \'text/javascript\'; dsq.async = true;
   dsq.src = \'//\' + disqus_shortname + \'-one-om.disqus.com/embed.js\';
   
   //console.log(dsq.src);
   
   (document.getElementsByTagName(\'head\')[0] || document.getElementsByTagName(\'body\')[0]).appendChild(dsq);
})();
      </script>
      <noscript>Please enable JavaScript to view the <a href="http://disqus.com/?ref_noscript">comments powered by Disqus.</a></noscript>
      <a href="http://disqus.com" class="dsq-brlink">blog comments powered by <span class="logo-disqus">Disqus</span></a>';
   
    // Token request: exchange the authorization code for an access token.
    $authcode = isset($_GET['code']) ? $_GET['code'] : null;
    //'redirect_uri'=>self::trimquerystring('http://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']),
    if (isset($authcode)) {
        unset($fields,$fields_string);
        $fields = array(
            'grant_type'=>'authorization_code',
            'client_id'=>DISQUS_PUBLIC_KEY,
            'client_secret'=>DISQUS_SECRET_KEY,
            // Must be identical to the redirect_uri sent in the authorization request
            'redirect_uri'=>self::trimquerystring('http://'.$_SERVER['HTTP_HOST'].'/disqus-iframe'),
            'code'=>$authcode
        );

        $fields_string = '';
        foreach($fields as $key=>$value) { $fields_string .= $key.'='.$value.'&'; }
        $fields_string = rtrim($fields_string, "&");

        // $aurl (the OAuth endpoint URL) is not defined in the posted code.
        $authurl = $aurl.$fields_string;

        // Debug output: $authurl contains client_secret and is written into the page.
        var_dump($authurl);

        $acurl = curl_init();
        curl_setopt_array($acurl, array(
            CURLOPT_RETURNTRANSFER => 1,
            CURLOPT_URL =>$aurl,
            CURLOPT_VERBOSE => 1,
            CURLOPT_HEADER => 1,
            CURLOPT_POSTFIELDS => $fields
        ));
        $response=curl_exec($acurl);
        curl_close($acurl);

        var_dump($response.' ');

    }

    return $html.$lhtml;
  //.self::disqusjs();
    
    
}



On Wednesday, January 1, 2014 11:39:04 AM UTC+2, Byrne Reese wrote:

Burak Yiğit Kaya

May 15, 2014, 9:59:27 AM
to disqu...@googlegroups.com
What would you suggest as a better error message? May be "Unknown parameter" or "Unexpected parameter"? I agree "invalid parameter" is not crystal clear since it can be interpreted as "the value for the parameter is not valid".


--
BYK

Burak Yiğit Kaya

May 15, 2014, 10:16:01 AM
to disqu...@googlegroups.com
It turns out we intended to say the value is not valid but I agree it should be clearer. Working on a patch. Thanks for the feedback.
--
BYK