invalid oauth2 redirect uri discord

OAuth2 Access Token #1131

Comments

Gutyerrez commented Oct 2, 2019

I’m trying to get an access token in Node.js, but it always returns an error: «Invalid redirect_uri in request.»


Lachee commented Oct 2, 2019

You shouldn’t need to decode your URL. This may create an invalid REDIRECT_URI. Also make sure you have http://127.0.0.1:8080/discord in your redirects on the application.

MinnDevelopment commented Oct 2, 2019

Note that the redirect uri must be identical to the one used in the original authorize request:

redirect_uri
REQUIRED, if the «redirect_uri» parameter was included in the
authorization request as described in Section 4.1.1, and their
values MUST be identical.
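An added example, not part of the thread: a Node.js helper that reports why a `redirect_uri` fails the exact-match rule quoted above. The function names and every URI in the test data are constructed for illustration.

```javascript
// Decode once; return the input unchanged when it is not valid percent-encoding.
function safeDecode(value) {
  try { return decodeURIComponent(value); } catch { return value; }
}

// Return human-readable reasons why `sent` fails an exact string match against
// `registered`. An empty array means the two strings are identical.
function explainRedirectMismatch(registered, sent) {
  if (registered === sent) return [];
  if (safeDecode(sent) === registered) {
    // Typical when the value was encoded by hand and then encoded again
    // by the HTTP client or URLSearchParams.
    return ["sent value is still percent-encoded after one decode"];
  }
  let a, b;
  try {
    a = new URL(registered);
    b = new URL(sent);
  } catch {
    return ["not an absolute URI, so it cannot match a registered redirect"];
  }
  const reasons = [];
  if (a.protocol !== b.protocol) reasons.push(`scheme: ${a.protocol} vs ${b.protocol}`);
  if (a.hostname !== b.hostname) {
    const strip = (h) => h.replace(/^www\./, "");
    reasons.push(strip(a.hostname) === strip(b.hostname)
      ? `host differs only by www: ${a.hostname} vs ${b.hostname}`
      : `host: ${a.hostname} vs ${b.hostname}`);
  }
  if (a.port !== b.port) reasons.push(`port: "${a.port}" vs "${b.port}"`);
  if (a.pathname !== b.pathname) {
    const trim = (p) => p.replace(/\/+$/, "");
    reasons.push(trim(a.pathname) === trim(b.pathname)
      ? "path differs only by a trailing slash"
      : `path: ${a.pathname} vs ${b.pathname}`);
  }
  if (a.search !== b.search || a.hash !== b.hash) reasons.push("query string or fragment differs");
  if (reasons.length === 0) {
    // The parsed components agree, yet the raw strings do not.
    reasons.push("differs in a form URL parsing normalizes (letter case, explicit default port)");
  }
  return reasons;
}
```

Run it with the value registered on the application and the exact string sent in both the authorize and the token request.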

MatrixSenpai commented Aug 24, 2020

Instead, the solution I ended up with was to set up a redirect to https://mydomain.com/ and have that host redirect to myapp://authorize

jfbn commented Oct 12, 2020

Instead, the solution I ended up with was to set up a redirect to https://mydomain.com/ and have that host redirect to myapp://authorize

Is this still relevant? I am getting the «invalid redirect_uri» error now, despite the fact that the redirect_uri is correct.
Are you suggesting that I redirect to any http(s) domain, which in turn redirects to my custom scheme?

EDIT: I am facing the same issue on Android, so my problem might be unrelated. I wonder what the deal is.

MatrixSenpai commented Oct 13, 2020

Are you suggesting that I redirect to any http(s) domain, which in turn redirects to my custom scheme?

Seems like the best way to solve the problem at the moment, and it’s what I had to do

night commented Oct 13, 2020

If you want to use a custom scheme you must employ PKCE on your authorization flow. Learn more at https://oauth.net/2/pkce/
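What the PKCE requirement means in code, as an added Node.js example that is not from the thread or from Discord: the authorization request carries a challenge derived from a one-time verifier, and the token request carries the verifier itself. Parameter names follow RFC 7636; the endpoint, client id and helper names are placeholders assumed for illustration.

```javascript
const crypto = require("crypto");

// RFC 7636 uses base64url without padding.
function base64url(buf) {
  return buf.toString("base64").replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

// code_verifier: 43-128 unreserved characters. 32 random bytes encode to 43.
function createVerifier(bytes = crypto.randomBytes(32)) {
  return base64url(bytes);
}

// code_challenge for method S256 = BASE64URL(SHA256(ASCII(code_verifier))).
function challengeFor(verifier) {
  if (!/^[A-Za-z0-9\-._~]{43,128}$/.test(verifier)) {
    throw new RangeError("code_verifier must be 43-128 unreserved characters");
  }
  return base64url(crypto.createHash("sha256").update(verifier, "ascii").digest());
}

// Step 1: authorization request. Only the challenge leaves the device here.
function buildAuthorizeUrl(endpoint, { clientId, redirectUri, scope, state, verifier }) {
  const url = new URL(endpoint);
  url.search = new URLSearchParams({
    response_type: "code",
    client_id: clientId,
    redirect_uri: redirectUri, // encoded exactly once by URLSearchParams
    scope,
    state,
    code_challenge: challengeFor(verifier),
    code_challenge_method: "S256",
  }).toString();
  return url.toString();
}

// Step 2: token request body. Sends the verifier and the same redirect_uri,
// so a code intercepted through the custom scheme is useless without it.
function buildTokenBody({ clientId, redirectUri, code, verifier }) {
  return new URLSearchParams({
    grant_type: "authorization_code",
    client_id: clientId,
    code,
    redirect_uri: redirectUri,
    code_verifier: verifier,
  }).toString();
}
```

Keep the verifier in memory or app-private storage between the two steps and generate a new one for every authorization attempt.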

MatrixSenpai commented Oct 13, 2020

I see nowhere in the documentation that mentions support for PKCE

jfbn commented Oct 14, 2020

If you want to use a custom scheme you must employ PKCE on your authorization flow. Learn more at https://oauth.net/2/pkce/

Thanks for your reply. I will implement PKCE and get back here to verify that custom schemes function with that. It might be worth mentioning somewhere on the Discord application OAUTH2 dashboard.

MatrixSenpai commented Oct 14, 2020

mentioning somewhere on the Discord application OAUTH2 dashboard.

Or literally anywhere in the documentation. There’s so many OAuth2 systems out there that don’t use PKCE, so without documentation it’s literally impossible to tell.

Source

I’ve successfully implemented Discord’s OAuth2 flow using the authorization code grant type into my application. The end user navigates to Discord’s OAuth2 link for my bot, authorizes its access, and Discord redirects them back to my site with a code querystring. The bot then exchanges this code for an access token by querying Discord’s API. Documentation on this process is available here for reference.

However, roughly every 50-100 requests to the exchange endpoint, I receive a 403 with the error invalid_grant and the description Invalid «code» in request. Frankly, I don’t understand how the code just provided by Discord’s system is instantly invalid. The same user can complete the process again and no error is returned the second time.

Out of desperation, I tried toggling on the option in the Developers Dashboard named Requires OAuth2 Code Grant seeing that it said «if your application requires multiple scopes,» but it had no effect. I’ve also tried endless debugging, but the circumstances under each occurrence are apparently random. Oddly enough, I can’t find anyone with the same issue online.

Below is the request I’m making in Node.js using the superagent library. It matches the documentation and works perfectly, other than the response randomly being the error described.

I can confirm that all variables match their expected values. The value of redirect_uri matches that of redirect_uri in the original URL used. code is the value of the code querystring returned through the OAuth2 flow.

What (if anything) am I doing wrong that’s causing the error?

Update 1:

Discord has directed me to the API GitHub repo, and I found the issue closed here. Commented and will update here if I receive any helpful info or resolve the issue completely (hopefully the case).

Source


A really simple-to-use module for Discord’s OAuth2 API.

One parameter is passed to the class constructor:

Since the module uses a modified version of the Eris request handler, it takes the same options. All of them default to the default Eris Client options if no options are passed.

Request handler options:

Other options, which you can pass to the class constructor so you don’t have to pass them each time you call a function:

In the Eris library, the client extends the events module and is passed to the RequestHandler so that it can emit events. This modified RequestHandler extends events itself, so it can emit the same events.

Only takes an object with the following properties:

clientId : Your application’s client id. Can be omitted if provided on the client constructor.

clientSecret : Your application’s client secret. Can be omitted if provided on the client constructor.

scope : The scopes requested in your authorization url, can be either a space-delimited string of scopes, or an array of strings containing scopes.

redirectUri : Your URL redirect uri. Can be omitted if provided on the client constructor.

grantType : The grant type to set for the request, either authorization_code or refresh_token.

code : The code from the querystring (grantType authorization_code only).

refreshToken : The user’s refresh token (grantType refresh_token only).

Returns a promise which resolves to an object with the access token.

Please refer to Discord’s OAuth2 documentation for the parameters needed.

Using class constructor options, array of scopes and grantType refresh_token:

Takes two parameters, the first one is the access_token from the user, the second is a Base64 encoding of the UTF-8 encoded credentials string of your application.

Returns a promise which resolves to an empty object if successful.

Only takes one parameter which is the user’s access token.

Returns the user object of the requester’s account. This requires the identify scope, which returns the object without an email, and optionally the email scope, which returns the object with an email.

Only takes one parameter which is the user’s access token.

Returns a list of partial guild objects the current user is a member of. Requires the guilds scope.

Only takes one parameter which is the user’s access token.

Returns a list of connection objects. Requires the connections OAuth2 scope.

Force join a user to a guild (server).

Takes an object with the following properties:

accessToken : The user access token.

botToken : The token of the bot used to authenticate.

guildId : The ID of the guild to join.

userId : The ID of the user to be added to the guild.

Optional properties (the above ones are required):

nickname : Value to set the user’s nickname to.

roles : Array of role ids the member is assigned.

mute : Whether the user is muted in voice channels.

deaf : Whether the user is deafened in voice channels.

Returns a member object if the user wasn’t part of the guild; otherwise returns an empty string (length 0).

Dynamically generate an OAuth2 URL.

Takes an object with the following properties:

clientId : Your application’s client id. Can be omitted if provided on the client constructor.

prompt : Controls how existing authorizations are handled, either consent or none (for passthrough scopes authorization is always required).

scope : The scopes requested in your authorization url, can be either a space-delimited string of scopes, or an array of strings containing scopes.

redirectUri : Your URL redirect uri. Can be omitted if provided on the client constructor.

responseType : The response type, either code or token (token is for client-side web applications only). Defaults to code.

permissions : The permissions number for the bot invite (only with bot scope) (https://discord.com/developers/docs/topics/permissions).

guildId : The guild id to pre-fill the bot invite (only with bot scope).

disableGuildSelect : Disallows the user from changing the guild for the bot invite, either true or false (only with bot scope).

By default, when you log an error to the console, it will look something like this: DiscordHTTPError: 400 Bad Request on POST /api/v7/oauth2/token, followed by a very long stack trace, which most of the time won’t be useful (if you already know where the function is called).

To easily debug any issues you are having, you can access the following properties of the error object thrown:

req : The HTTP request sent to Discord.

res : The HTTP response Discord sent to our request.

Source

Google OAuth 2 authorization - Error: redirect URI mismatch

On the site https://code.google.com/apis/console I registered my application, set up the generated Client ID and Client Secret in my app, and tried to log in with Google. Unfortunately, I got the error message:

What does this message mean, and how can I fix it? I use the gem omniauth-google-oauth2.

26 Answers

The redirect URI (where the response is returned to) must be registered in the API console, and the error indicates that you haven’t done so, or haven’t done so correctly.

Go to the console for your project and look under API Access. You should see your client ID and secret there, along with a list of redirect URIs. If the URI you want isn’t listed, click Edit settings and add the URI to the list.

In my case it was a www and non-www URL. The actual site had the www URL, and the Authorized Redirect URIs in the Google Developer Console had the non-www URL. Hence, there was a mismatch in the redirect URI. I solved it by updating the Authorized Redirect URIs in the Google Developer Console to the www URL.

Other common URI mismatches:

Here are step-by-step screenshots of the Google Developer Console, which should be helpful for those who find it hard to locate the developer console page to update the redirect URIs.


If you are using the Google+ JavaScript button, then you must use postmessage instead of the actual URI. It took me almost a whole day to figure this out, since Google’s docs for some reason do not state it clearly.

Source

Even though I have read numerous duplicate issues here on Stack Overflow, I still can’t figure out for the life of me what I’m doing wrong.

Problem: I successfully receive an authorization code from, but when I request an access token using this code I get the following error:

Configuration:

I use http://localhost:3030/google/oauth2/callback as a callback URL

It’s set up in the Google developer console:

This is a «raw curl» request that I send to obtain a token:

What I have done:

Played with OAuth2 Playground (where it works obviously), but doesn’t work for me

Tried multiple variations for body + different content types the same problem, but sometimes I also get

Any help would be appreciated.


1 Answer

One more observation: When you test, you can use the authorization code only once (for security reasons). Sometimes even if you send multiple «unsuccessful requests» with the same code, Google’s API will reject all subsequent requests with that code (you need to go through the OAuth2 flow again to obtain a new one). The most «frustrating» part that confused me is that the response for the wrong code looks like this:

instead of being something like «Code is not valid» or «Code has expired».

So, if you encounter the error above, it means the request was crafted correctly, but the code is wrong.

Source