I'm trying to use OAUTH 2.0 to authenticate/authorize. I'm testing on my local machine, where my application is running and accessible over HTTPS. I'm taken through the authorization step, but get an error on the redirect back to my application.
To start the process, I'm redirecting the browser to:
Where MY_API_KEY is my API key.
I'm taken to a Constant Contact login page, then to an authorization page, where I can grant access to my application. After clicking the Grant button, I'm taken to:
Can you tell me what is wrong with the redirect_uri value I'm using?
Can you provide us with the rest of your code? If you do not wish to post it you can send it to email@example.com and I can get it from there.
Looks like my URL got cut off, here it is with line breaks.
As for other code, there is no other code that really matters. If you replace API_KEY in the URL above with my real API key, you can paste this into a browser and see that:
If things were working, I'd get redirected to:
Note that I can change PATH_TO_APPLICATION to a real app location, same result. I can also use a server with a public hostname and not use localhost, same result.
Does that help?
I think the issue may be that when you have created your API key you set the URL redirect to a certain point and you are using a different one in your code. Thus you are receiving an error. Please check that and let me know as I was able to get my code after matching the two of them.
This is working now. I hadn't realized I needed to attach the redirect URI value to my API key. It would be great to note this in your API docs.
I will be passing that information on to see if we can get that documentation updated.
I'm developing a web app that is using oauth 2 and it works fine when the URIs match as you say. My problem is that I'll need this web app to run when installed at multiple client sites, so the URI will always be different. Is there any way to not use the URI redirect in the key, or any other workaround to this? I'd rather not create an API key for every client that runs this application.
The normal way of handling this is to have a central server endpoint (or agent) that handles all requests and then sends it back to the correct client. Since you can pass optional parameters to the server and the server will pass them back to you, you can tell which endpoint to redirect the information to. Then your client will receive the update from your server agent and this flow will correctly work.
There is no workaround, as this is how the specification of oAuth2 was written. At this time we don't have a way to verify more than one redirect URI to an API key. The only workaround that comes to mind is to use oAuth1, which you can find information for here.
Please let me know if this helps.
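
The central relay described in the reply above, sketched as an added example (not code from this thread or from Constant Contact): the relay signs the pass-through value before the flow starts and, on the callback at the single registered redirect URI, verifies it and chooses the client site from an allowlist. It assumes the pass-through parameter is the OAuth 2.0 `state` parameter; the key, site ids, URLs and function names are constructed placeholders.

```python
import base64, hashlib, hmac, json, secrets, time
from urllib.parse import urlencode

# Assumptions, not from the thread: the pass-through parameter is OAuth 2.0
# `state`; the key, site ids and URLs below are constructed placeholders.
RELAY_KEY = secrets.token_bytes(32)   # secret known only to the central relay
CLIENT_SITES = {                      # allowlist of client-site return URLs
    "site-a": "https://site-a.example/oauth/done",
    "site-b": "https://site-b.example/oauth/done",
}
MAX_AGE = 600                         # seconds a state value stays valid

def b64e(data):
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_state(site_id, now=None):
    """Return a signed state value naming the client site that began the flow."""
    if site_id not in CLIENT_SITES:
        raise ValueError("unknown client site")
    ts = int(time.time() if now is None else now)
    body = json.dumps({"site": site_id, "ts": ts,
                       "nonce": secrets.token_hex(8)}).encode()
    return b64e(body) + "." + b64e(hmac.new(RELAY_KEY, body, hashlib.sha256).digest())

def route_callback(state, code, now=None):
    """Run at the one registered redirect URI: verify state, pick the client URL."""
    try:
        body_part, tag_part = state.split(".")
        body, tag = b64d(body_part), b64d(tag_part)
    except ValueError:                # wrong shape or bad base64
        raise ValueError("malformed state")
    expected = hmac.new(RELAY_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("state signature mismatch")
    claims = json.loads(body)
    age = (time.time() if now is None else now) - claims["ts"]
    if not 0 <= age <= MAX_AGE:
        raise ValueError("state expired")
    # Destination comes from the allowlist, never from a URL in the request.
    target = CLIENT_SITES.get(claims["site"])
    if target is None:
        raise ValueError("unknown client site")
    return target + "?" + urlencode({"code": code})
```

Because the forwarding target is looked up by site id rather than read from the request, a modified `state` cannot turn the relay into an open redirect that hands the authorization code to an arbitrary host.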