I am using an architecture similar to the one described here. I have a middleware server that handles the OAuth flow with the third-party API (e.g., Constant Contact) and the client makes direct requests only to the middleware server. This is so I can have a single redirect URI to the middleware server with multiple clients on different domains.
This has worked with other third-party APIs. But, with Constant Contact, I am having an issue at the point where the client is directed to the authorization request page. With the middleware architecture, the client makes a request to the middleware server, which then redirects this request to the appropriate authorization request URL and the client should see the authorization request page in the browser. Instead, I am redirected to Constant Contact's login page, and after logging in, I'm seeing this page and there is no request to my redirect URI:
I see that the request to my middleware server was redirected to the correct authorization request URL. I confirmed this because when I went directly to this URL in my browser, it went to the authorization request page and the OAuth flow worked successfully from there. It's only when the request to this URL goes through a redirect, it eventually ends up at the Page Expired page, rather than the authorization request page.
Looking at the requests, there seems to be a few redirects going on. I'll list them here. Maybe there's something simple that I'm missing.
Request to middleware service (local testing) with temporary access code