Auth: redirect_url vs redirect_uri
319 views
Skip to first unread message
Nick Pettazzoni
Aug 12, 2018, 12:45:34 PM8/12/18
to Untappd API Developer Group
Hi everyone, I'm working on my first time iOS app in Swift and using a library for OAuth, and I found some weird behavior around the redirect_url param.
It looks like the OAuth spec defines the param as "redirect_uri" (https://tools.ietf.org/html/rfc6749#section-4.1.3), which is what my library has hardcoded, but Untappd requires it to be "redirect_url".
When I make a request to /authenticate, if this is the first time, we get the expected "connect to this app?" page and then the login page. But after logging in, we get a 500 error with a message about "missing redirect_url."
But then, if I try again now that I've already allowed the app to connect to my account and have a logged in session in the browser, we skip both those pages and go directly to my redirect url, getting the auth token and everything works perfectly.
I verified that it's specifically this param that's the issue by manually editing the library code to change the harcoded name "redirect_uri" to "redirect_url", and then both cases work perfectly, no 500s.
It seems to me that for some reason Untappd is following the spec on the initial /authenticate endpoint, but then loses the correct "redirect_uri" param if it goes through the login page. Has anyone run into this before?
Greg Avola
Aug 12, 2018, 5:05:18 PM8/12/18
to untappd-api-d...@googlegroups.com
Can you post the flow you are sending the url? I’d whats the first end point you hit - you can blank out your client_id / secret.
We support both params - so not sure what’s going on here.
Greg
--
You received this message because you are subscribed to the Google Groups "Untappd API Developer Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to untappd-api-develop...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Nick Pettazzoni
Aug 13, 2018, 9:28:25 AM8/13/18
to untappd-api-d...@googlegroups.com
The initial request looks like:
and the response after login:
https://untappd.com/oauth/authenticate/?client_id=****&redirect_uri=dididrunkthis://oauth-callback/untappd&response_type=token&state=helloitsmedididrunkthis
{"meta":{"http_code":500,"error_type":"param_error","error_detail":"you are missing the client ID and redirect URL"},"response":[]}
Could it have something to do with the redirect url being a weird scheme (it’s used so we can intercept and handle the redirect on iOS)?
You received this message because you are subscribed to a topic in the Google Groups "Untappd API Developer Group" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/untappd-api-developer-group/G0dGZ8ljtoE/unsubscribe.
To unsubscribe from this group and all its topics, send an email to untappd-api-develop...@googlegroups.com.
Greg Avola
Aug 13, 2018, 9:41:59 AM8/13/18
to untappd-api-d...@googlegroups.com
That's strange - are you seure you are entering the client_id, if I do this:
Greg
I get a different error (invalid Client ID) - so I'm wondering if client ID is being passed correctly.
Greg
Nick Pettazzoni
Aug 13, 2018, 10:15:52 AM8/13/18
to untappd-api-d...@googlegroups.com
I can actually reproduce this in a normal browser too. When I replace my actual client ID, I get directed to the login page, then the same 500 error.
Looks like the redirect uri is missing in what’s being passed from the initial authenticate “connect your account to this app?” page to the actual login form page:
Then of course the go_to param that’s passed along with my login is missing it as well:
Greg Avola
Aug 13, 2018, 10:39:04 AM8/13/18
to untappd-api-d...@googlegroups.com
Got it! I missed that part about the "logged out" experience and the redirect_uri - that may be the situation. Let me work on this today, and get back to you.
Greg
Reply all
Reply to author
Forward
0 new messages