Authorization Code Request: 400 - Invalid redirect_uri when adding query parameters
Hi,
Â
I'm in the process of implementing OAuth 2.0 server flow authentication on my platform which serves multiple organizations with each their specific URL. Thus, on the Authorization Request call, I have to make use of additional query parameters by appending them to the redirect URI and encoding them to redirect my users after a successful authentication. Alas, adding any additional query parameters to my redirect URI gives me a 400 - Invalid redirect_uri error page indicating a mismatch between the redirect URI specified in the call and the one on my application settings.
Â
Here's the redirect URI specified in my application settings:
http://www.amilia.localhost/Ws/ConstantContact/OAuthResponse
Â
Here's the non-encoded redirect URI and appended query parameters I'm sending with the Authorization Request:
http://www.amilia.localhost/Ws/ConstantContact/OAuthResponse?orgId=3049
Â
Here's the complete Authorization Code Request as I'm sending it to your servers with redacted Client ID:
https://api.cc.email/v3/idfed?response_type=code&client_id=<MY_CLIENT_ID>&scope=contact_data&redirect_uri=http%3a%2f%2fwww.amilia.localhost%2fWs%2fConstantContact%2fOAuthResponse%3forgId%3d3049
Â
Here's the C# code responsible for redirecting the user to Constant Contact's servers for the Authorization Code Request:
Â
public void AuthorizationCodeRequest(int orgId) { var apiKey = <MY_CLIENT_ID> var redirectParams = $"?orgId={orgId}"; var redirectUrl = HttpUtility.UrlEncode("http://www.amilia.localhost/Ws/ConstantContact/OAuthResponse" + redirectParams); var url = $"https://api.cc.email/v3/idfed?response_type=code&client_id={apiKey}&scope=contact_data&redirect_uri={redirectUrl}"; HttpContext.Current.Response.Redirect(url); }
Â
With no additional query parameters, the authentication works fine and I'm able to get an Access Token with the returned code but as soon as I add any additional query parameters, I am met with the 400 - Invalid redirect_uri error page. I am not sure as to what I'm doing wrong here as adding query parameters to the redirect URI is supported as specified in the V3 API documentation.