Authorization Code Request: 400 - Invalid redirect_uri when adding query parameters

Occasional Organizer

Hi,

I'm in the process of implementing OAuth 2.0 server flow authentication on my platform, which serves multiple organizations, each with their specific URL. Thus, on the Authorization Request call, I have to make use of additional query parameters by appending them to the redirect URI and encoding them to redirect my users after a successful authentication. Alas, adding any additional query parameters to my redirect URI gives me a 400 - Invalid redirect_uri error page indicating a mismatch between the redirect URI specified in the call and the one on my application settings.

 

Here's the redirect URI specified in my application settings:

http://www.amilia.localhost/Ws/ConstantContact/OAuthResponse

 

Here's the non-encoded redirect URI and appended query parameters I'm sending with the Authorization Request:

http://www.amilia.localhost/Ws/ConstantContact/OAuthResponse?orgId=3049

 

Here's the complete Authorization Code Request as I'm sending it to your servers with redacted Client ID:

https://api.cc.email/v3/idfed?response_type=code&client_id=<MY_CLIENT_ID>&scope=contact_data&redirect_uri=http%3a%2f%2fwww.amilia.localhost%2fWs%2fConstantContact%2fOAuthResponse%3forgId%3d3049

 

Here's the C# code responsible for redirecting the user to Constant Contact's servers for the Authorization Code Request:

 

// Requires System.Web (HttpUtility, HttpContext).
public void AuthorizationCodeRequest(int orgId)
{
    var apiKey = "<MY_CLIENT_ID>"; // redacted client ID
    var redirectParams = $"?orgId={orgId}";
    // Encode the whole redirect URI, query string included, once.
    var redirectUrl = HttpUtility.UrlEncode("http://www.amilia.localhost/Ws/ConstantContact/OAuthResponse" + redirectParams);

    var url = $"https://api.cc.email/v3/idfed?response_type=code&client_id={apiKey}&scope=contact_data&redirect_uri={redirectUrl}";

    HttpContext.Current.Response.Redirect(url);
}

 

With no additional query parameters, the authentication works fine and I'm able to get an Access Token with the returned code but as soon as I add any additional query parameters, I am met with the 400 - Invalid redirect_uri error page. I am not sure as to what I'm doing wrong here as adding query parameters to the redirect URI is supported as specified in the V3 API documentation.

10 REPLIES
Moderator

Re: Authorization Code Request: 400 - Invalid redirect_uri when adding query parameters

Hi @KristenG703,

 

I am currently looking into this. Our v2 API works with this and our documentation and developers say this should work in the v3 API; however, I'm having the same issue as you are.

 

Let me do a little more digging/testing on this and see what I can come up with.


Regards,
Jimmy D.
Tier II API Support Engineer

Occasional Participant

Re: Authorization Code Request: 400 - Invalid redirect_uri when adding query parameters

As a developer, I sort of hate it when people tell me the following:

 

Hey, it's happening to me too.

 

But...hey, it's happening to me too and I don't want to resort to Cookies or Local Storage to try to manage state unless this is going to be a long time to fix. Without this capability it will be hard for us to know who we passed to Constant Contact. I am sure you get that.

Occasional Participant

Re: Authorization Code Request: 400 - Invalid redirect_uri when adding query parameters

Can we get an update on this issue, as it is preventing me from moving forward?

Moderator

Re: Authorization Code Request: 400 - Invalid redirect_uri when adding query parameters

Hi @ERICW916,

 

I have brought this up to our engineers and they are looking into it. At this time I do not have an ETA; however, if you would like an email when the issue is resolved you can email us at webservices@constantcontact.com and we can set that up.


Regards,
Jimmy D.
Tier II API Support Engineer

Visitor

Re: Authorization Code Request: 400 - Invalid redirect_uri when adding query parameters

It's been 3 months already and this is still not resolved.

Moderator

Re: Authorization Code Request: 400 - Invalid redirect_uri when adding query parameters

Hi @user88222,

 

Thank you for reaching out to Constant Contact's API Support.

 

I have sent you a separate email; please look for it at the email address attached to your Constant Contact account.


Regards,
Jimmy D.
Tier II API Support Engineer

Occasional Contributor

Re: Authorization Code Request: 400 - Invalid redirect_uri when adding query parameters

We are having the same issue here on our end; we are trying to pass a state parameter (or any non-constant parameter for that matter) in our redirect and it is being cleared out. Do you have a workaround in place for this?

Occasional Participant

Re: Authorization Code Request: 400 - Invalid redirect_uri when adding query parameters

Yeah, after 3 months, I have instructed our company to put this project on the backlog. This is clearly not adhering to the OAuth 2 standard as it should be stateless. I do not want to resort to maintaining state as that is a dirty workaround for what should be a simple solution. If we could all get an ETA, I think we all could gauge our development efforts better and set customers' expectations, but it doesn't look like that is going to happen.

Moderator

Re: Authorization Code Request: 400 - Invalid redirect_uri when adding query parameters

Hi @IntegrationT4 and @ERICW916,

 

You can use a wildcard when setting the redirect URI in the application settings of your API Key. Then when you use the redirect URI in your actual call it will work with different parameters. Here is an example.

 

In the settings for your API Key set this as your redirect URI.

https://localhost?id=*

 

When you add the redirect URI to the API call endpoint you can use different parameters in place of the wildcard.

https://idfed.constantcontact.com/as/token.oauth2?code={authorization_code}&redirect_uri=https://localhost?id=5&grant_type=authorization_code

Your redirect URI will need to be encoded of course.


Regards,
Jimmy D.
Tier II API Support Engineer
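
An added example, not part of the thread and not Constant Contact's or any poster's code: a C# helper for the wildcard approach described in the last reply, applied to the original poster's callback path. It assumes the application settings hold that path with `orgId=*` (following the `?id=*` form above); the class and method names are hypothetical, and the local match check only mirrors how the wildcard is described in the reply, not the server's actual matching rule.

```csharp
using System;
using System.Globalization;
using System.Text.RegularExpressions;

public static class ConstantContactRedirect // hypothetical name (added example)
{
    // Assumption: this exact value, wildcard included, is what is saved in
    // the API key's application settings.
    private const string RegisteredPattern =
        "http://www.amilia.localhost/Ws/ConstantContact/OAuthResponse?orgId=*";

    // The wildcard is only ever filled from an int, so it cannot carry
    // '&', '#', '/' or anything else that would change the URI's shape.
    public static string BuildRedirectUri(int orgId)
    {
        if (orgId <= 0) throw new ArgumentOutOfRangeException(nameof(orgId));
        return RegisteredPattern.Replace("*", orgId.ToString(CultureInfo.InvariantCulture));
    }

    // Pre-flight check on our side: the fixed part must match exactly and
    // the wildcard part must be 1-10 digits. (Assumed rule, see lead-in.)
    public static bool MatchesRegistered(string redirectUri)
    {
        string prefix = RegisteredPattern.Substring(0, RegisteredPattern.IndexOf('*'));
        return redirectUri.StartsWith(prefix, StringComparison.Ordinal)
            && Regex.IsMatch(redirectUri.Substring(prefix.Length), @"\A[0-9]{1,10}\z");
    }

    // Authorization request: redirect_uri percent-encoded exactly once.
    public static string BuildAuthorizationUrl(string clientId, int orgId)
    {
        string redirectUri = BuildRedirectUri(orgId);
        if (!MatchesRegistered(redirectUri))
            throw new InvalidOperationException("redirect_uri does not match");
        return "https://api.cc.email/v3/idfed?response_type=code"
             + "&client_id=" + Uri.EscapeDataString(clientId)
             + "&scope=contact_data"
             + "&redirect_uri=" + Uri.EscapeDataString(redirectUri);
    }

    // Token request: the same redirect_uri is sent again with the code.
    public static string BuildTokenUrl(string code, int orgId)
    {
        return "https://idfed.constantcontact.com/as/token.oauth2"
             + "?code=" + Uri.EscapeDataString(code)
             + "&redirect_uri=" + Uri.EscapeDataString(BuildRedirectUri(orgId))
             + "&grant_type=authorization_code";
    }
}
```

The `orgId` that comes back on the callback is still request input, so compare it with the signed-in user's organization before storing the token against it.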