Auth issue
70 views
Skip to first unread message
Deepak Kumaravelu
Jul 21, 2025, 12:31:06 AMJul 21
to zotero-dev
Hello Zotero Dev Team,
I am developing a web application with a standard Spring Boot backend and a React frontend, and I'm encountering a persistent issue with the OAuth flow.
The Problem:
My application correctly constructs the authorization URL and redirects the user to the Zotero authorization page. I can successfully log in with my Zotero credentials and click the "Accept Defaults" button to authorize my application.
However, immediately after I click "Accept Defaults," instead of redirecting back to my specified redirect_uri, the Zotero website displays a generic error page with the following message:
Server Error
Something went wrong processing your request.
Troubleshooting Steps Taken:
I am confident the issue is not with my local application's code because the error occurs on the Zotero server side. I have already tried the following:
Verified Client ID: The client_id in my authorization URL is correct.
Verified Redirect URI: I have triple-checked that the redirect_uri parameter in my URL (http://localhost:8080/auth/zotero/callback) exactly matches the "Callback URL" configured in my OAuth application settings on the Zotero website. There are no typos, extra spaces, or missing slashes.
Re-created the Application: I have tried deleting the OAuth application on the Zotero site and creating a brand new one from scratch. The new keys produce the same "Server Error".
Direct URL Test: I have bypassed my application entirely by pasting the fully constructed authorization URL directly into my browser. The result is the same: I can log in and authorize, but it is followed by the "Server Error" page.
Example URL:
This is the exact URL structure my application is redirecting to (using my actual client_id):
https://www.zotero.org/oauth/authorize?client_id=0f45ba3abb3200909921&response_type=code&redirect_uri=http://localhost:8080/auth/zotero/callback
Could you please advise if there are any known issues with the OAuth server, or if there is something else I might be missing? The fact that it fails even with a direct URL and a fresh application key suggests the issue might be on the server side.
Thank you for your time and help.
I am developing a web application with a standard Spring Boot backend and a React frontend, and I'm encountering a persistent issue with the OAuth flow.
The Problem:
My application correctly constructs the authorization URL and redirects the user to the Zotero authorization page. I can successfully log in with my Zotero credentials and click the "Accept Defaults" button to authorize my application.
However, immediately after I click "Accept Defaults," instead of redirecting back to my specified redirect_uri, the Zotero website displays a generic error page with the following message:
Server Error
Something went wrong processing your request.
Troubleshooting Steps Taken:
I am confident the issue is not with my local application's code because the error occurs on the Zotero server side. I have already tried the following:
Verified Client ID: The client_id in my authorization URL is correct.
Verified Redirect URI: I have triple-checked that the redirect_uri parameter in my URL (http://localhost:8080/auth/zotero/callback) exactly matches the "Callback URL" configured in my OAuth application settings on the Zotero website. There are no typos, extra spaces, or missing slashes.
Re-created the Application: I have tried deleting the OAuth application on the Zotero site and creating a brand new one from scratch. The new keys produce the same "Server Error".
Direct URL Test: I have bypassed my application entirely by pasting the fully constructed authorization URL directly into my browser. The result is the same: I can log in and authorize, but it is followed by the "Server Error" page.
Example URL:
This is the exact URL structure my application is redirecting to (using my actual client_id):
https://www.zotero.org/oauth/authorize?client_id=0f45ba3abb3200909921&response_type=code&redirect_uri=http://localhost:8080/auth/zotero/callback
Could you please advise if there are any known issues with the OAuth server, or if there is something else I might be missing? The fact that it fails even with a direct URL and a fresh application key suggests the issue might be on the server side.
Thank you for your time and help.
Tomasz Najdek
Jul 21, 2025, 5:19:23 AMJul 21
to zoter...@googlegroups.com
Hi,
Based on the URL you've posted, I'm guessing your application is building an OAuth 2.0 URL, while Zotero supports OAuth 1.0a. Have a look at the example at https://www.zotero.org/support/dev/web_api/v3/oauth or an example Node.js app here: https://github.com/tnajdek/zotero-oauth-example to see the correct flow.
Kind Regards
Tom
--
You received this message because you are subscribed to the Google Groups "zotero-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to zotero-dev+...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/zotero-dev/3707d253-a474-41e8-9d5f-0be15d7a126fn%40googlegroups.com.
Deepak Kumaravelu
Aug 2, 2025, 3:55:22 AMAug 2
to zotero-dev
Hi, just following up on my earlier query. I was able to authenticate via OAuth 1.0a and receive access_token and access_secret. GET requests work fine, but all my POST requests return:
An API key is required for write requests
Does this mean OAuth tokens alone cannot provide write access and I must use a Zotero API key? Is there any way to get that key programmatically after OAuth, or is manual key generation the only option?
Reply all
Reply to author
Forward
0 new messages