Reply
Occasional Participant
AndyP8
Posts: 3
Registered: ‎09-29-2011
Accepted Solution

Receiving a "redirect_uri_mismatch" error when authorizing with OAUTH 2.0

I'm trying to use OAUTH 2.0 to authenticate/authorize. I'm testing on my local machine, where my application is running and accessible over HTTPS. I'm taken through the authization step, but get an error on the redirect back to my application.

 

To start the process, I'm redirecting the browser to:

 

https://oauth2.constantcontact.com/oauth2/oauth/siteowner/authorize?response_type=code&client_id=MY_...

 

Where MY_API_KEY is my api key.

 

I'm taken to a Constant Contact login page, then to an authorization page, where I can grant access to my application. After clicking the Grant button, I'm taken to:

 

https://localhost/somepath?error=redirect_uri_mismatch&error_description=Invalid%20redirect.

 

Can you tell me what is wrong with the redirect_uri value I'm using?

 

Thanks,

 

Andy

Ryan_D
Posts: 453
Topics: 0
Kudos: 20
Solutions: 21
Registered: ‎06-28-2011

Re: Receiving a "redirect_uri_mismatch" error when authorizing with OAUTH 2.0

Hey Andy,

 

Can you provide us with the rest of your code.  If you do not wish to post it you can send it to webservices@constantcontact.com and I can get it from there.  

Ryan Davis
Support Engineer, Constant Contact
Occasional Participant
AndyP8
Posts: 3
Registered: ‎09-29-2011

Re: Receiving a "redirect_uri_mismatch" error when authorizing with OAUTH 2.0

Ryan,

Looks like my URL got cut off, here it is with line breaks.

 

https://oauth2.constantcontact.com/oauth2/oauth/siteowner/authorize?

response_type=code&

client_id=API_KEY&

redirect_uri=https%3A%2F%2Flocalhost%2FPATH_TO_APPLICATION

 

As for other code, there is no other code that really matters. If you replace API_KEY in the URL above with my real API key, you can paste this into a browser and see that:

  1. You correctly get taken to an OAUTH authorization page
  2. After granting access, you are redirected to the following URL:

https://localhost/PATH_TO_APPLICATION?error=redirect_uri_mismatch&

error_description=Invalid%20redirect.

 

If things were working, I'd get redirected to:

 

https://localhost/PATH_TO_APPLICATION?code=AUTH_CODE

 

Note that I can change PATH_TO_APPLICATION to a real app location, same result. I can also use a server with a public hostname and not use localhost, same result.

 

Does that help?

 

Andy

Ryan_D
Posts: 453
Topics: 0
Kudos: 20
Solutions: 21
Registered: ‎06-28-2011

Re: Receiving a "redirect_uri_mismatch" error when authorizing with OAUTH 2.0

Hey Andy,

 

I think the issue may be that when you have created your API key you set the URL redirect to a certain point and you are using a different one in your code.  Thus you are receiving an error.  Please check that and let me know as I was able to get my code after matching the two of them.

Ryan Davis
Support Engineer, Constant Contact
Occasional Participant
AndyP8
Posts: 3
Registered: ‎09-29-2011

Re: Receiving a "redirect_uri_mismatch" error when authorizing with OAUTH 2.0

This is working now. I hadn't realized I needed to attach the redirect URI value to my API key. It would be great to note this in your API docs.

 

Thanks,

 

Andy

Ryan_D
Posts: 453
Topics: 0
Kudos: 20
Solutions: 21
Registered: ‎06-28-2011

Re: Receiving a "redirect_uri_mismatch" error when authorizing with OAUTH 2.0

Hey Andy,

 

I will be passing that information on to see if we can get that documentation updated.

Ryan Davis
Support Engineer, Constant Contact
Occasional Contributor
PaulW79
Posts: 14
Registered: ‎10-03-2011

Re: Receiving a "redirect_uri_mismatch" error when authorizing with OAUTH 2.0

I'm developing a web app that is using oauth 2 and it works fine when the URIs match as you say.  My problem is that I'll need this web app to run when installed at multiple client sites.  So the URI will always be different.  Is there anyway to not use the URI redirect in the key or any other work around to this.  I'd rather not create an api key for every client that runs this application.

 

-Paul

DaveBerard
Posts: 1,635
Topics: 7
Kudos: 61
Solutions: 58
Registered: ‎06-19-2008

Re: Receiving a "redirect_uri_mismatch" error when authorizing with OAUTH 2.0

The normal way of handling this is to have a central server endpoint (or agent) that handles all requests and then sends it back to the correct client.  Since you can pass optional parameters to the server and the server will pass them back to you, you can tell which endpoint to redirect the information to.  Then your client will receive the update from your server agent and this flow will correctly work.

Dave Berard
Senior Product Manager, Constant Contact
Ryan_D
Posts: 453
Topics: 0
Kudos: 20
Solutions: 21
Registered: ‎06-28-2011

Re: Receiving a "redirect_uri_mismatch" error when authorizing with OAUTH 2.0

Hey Paul,

 

There are no work around as this is how the specification of oAuth2 was written.  At this time we don't have a way to verify more than one redirect URI to an API key.  The only work around that comes to mind is to use oAuth1 which you can find information for here

 

Please let me know if this helps.

Ryan Davis
Support Engineer, Constant Contact
Occasional Contributor
PaulW79
Posts: 14
Registered: ‎10-03-2011

Re: Receiving a "redirect_uri_mismatch" error when authorizing with OAUTH 2.0

Thanks Dave. An agent sounds like it will work. I'll give that a try.