The 'redirect_uri' parameter must be an absolute URI that is whitelisted in the client app settings

Hello, trying this tutorial

And I’m getting what seems to be a typical problem with people starting out, but none of the solutions I’m seeing are working for me. Hopefully someone can help see where I am going wrong.

{
  "web": {
    "client_id": "1…2",
    "client_secret": "1…2",
    "auth_uri": "h://dev-1…2.oktapreview.com/oauth2/default/v1/authorize",
    "token_uri": "h://dev-1…2.oktapreview.com/oauth2/default/v1/token",
    "issuer": "h://dev-1…2.oktapreview.com/oauth2/default",
    "userinfo_uri": "h://dev-1…2.oktapreview.com/oauth2/default/userinfo",
    "redirect_uris": [
      "h://localhost:5000/oidc/callback"
    ]
  }
}

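from flask import Flask
from flask_oidc import OpenIDConnect
from okta import UsersClient

app = Flask(__name__)
# OIDC settings are read from the client_secrets.json shown above
app.config["OIDC_CLIENT_SECRETS"] = "client_secrets.json"
app.config["OIDC_COOKIE_SECURE"] = False
# Callback path; it is the path part of the redirect URI listed in client_secrets.json
app.config["OIDC_CALLBACK_ROUTE"] = "/oidc/callback"
app.config["OIDC_SCOPES"] = ["openid", "email", "profile"]
app.config["SECRET_KEY"] = "1…2"
app.config["OIDC_ID_TOKEN_COOKIE_NAME"] = "oidc_token"
oidc = OpenIDConnect(app)
okta_client = UsersClient("h://1…2.oktapreview.com", "1…2")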

In my app settings in Okta, my “Login redirect URIs” is set to the “redirect_uris” value above in my client_secrets.

Not sure what else to try.

Thanks in advance


Hello,

I have just found this, not sure if it is gonna solve your problem (and mine) but I will share my results.

Regards,

Manu

I am getting this error too and my code is just as you @JLC have stated above. I also verified that my redirect_uris link in the client_secrets.json file matches the application ‘Login redirect URIs’ from the ‘General’ tab->general settings->Login section. Feel like I am close as my logo shows up in the header of the bad request page, but not working still.

Hi, did you manage to fix this?

Hi @miyoro

Please check out the article available here in order to resolve this issue.

I’ve been following the article and have made sure that my URIs are exactly the same (I have even copy-pasted)

Hi @miyoro

Can you please send us an email to developers@okta.com to have this issue further investigated?

The URL that comes up when making the request shows the redirect URI as

redirect_uri=http%3A%2F%2Ftwitteranalyserwebapp.xxbtbkmhad.eu-west-2.elasticbeanstalk.com%2Foidc%2Fcallback

Any help will be greatly appreciated…

Okay, sending an email now.

If anyone else gets stuck like me, the solution was to convert the url to lowercase as that is how it was being passed in the redirect URI.


Can anyone please help… I am new to OKTA and Angular.


I am getting the above error… please find below my redirect URL settings in console:

Here is the request :

https://dev-726200.okta.com/oauth2/default/v1/authorize?client_id=0oa4xqecwZPkQiCQR4x6&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fimplicit%2Fcallback&response_type=id_token%20token&response_mode=fragment&state=9XOfS5Ww9ji0CMRVYTAln32wGKF6IC5uTfDnJSDXsAdxgxNsp9425f1kFzDogzYJ&nonce=wStWV656EHsRci37ZW5cHePQ5JPzWDhQLik07zkVdneEbfzxy807V37CVkLk1khA&sessionToken=201111l9EbptD7aKS_rv8itufvda10Q_FZAv82aj8KXhbZdhUfDVfFV&scope=openid%20email%20profile

Hi @JAKEER

I see that the URL redirects now successfully to the login page. Is the issue resolved?

Having the same issue as above.

The request is this:
https://dev-93293120.okta.com/oauth2/default/v1/authorize?client_id=0oa10w3g4en3Uqe6J5d7&scope=openid%20profile&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fauthorization-code%2Fcallback&state=AXXmk2p6SiwNx0amLV_-V25gZZzCmJaXG3iJC3ZIp_I


@andy.bt, the redirect_uri present in your authorize url is http://localhost:3000/authorization-code/callback, but your app is only allowing http://localhost:3000/users/callback to be used as a redirect uri. You would need to add http://localhost:3000/authorization-code/callback to the Sign In Redirect URIs configured for your app to get this working with the default callback route.

If you are using our Node middleware, you can configure your own loginRedirectUri config option if you want to use the /users/callback route instead of the default /authorization-code/callback route. See docs for this package here that show all the options available and the default behavior.
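The path mismatch diagnosed in the reply above and the letter-case fix reported earlier in the thread can both be checked offline. The following is an added example, not code from the original posts or from Okta. It assumes the authorization server compares `redirect_uri` to the registered list as an exact string, and the function names, the `idp.example.com` URL and the sample URIs are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample modelled on the authorize requests posted in this thread.
SAMPLE_AUTHORIZE_URL = (
    "https://idp.example.com/oauth2/default/v1/authorize"
    "?client_id=CLIENT_ID_PLACEHOLDER&scope=openid%20profile&response_type=code"
    "&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fauthorization-code%2Fcallback"
    "&state=constructed"
)

def sent_redirect_uri(authorize_url):
    """Return the percent-decoded redirect_uri carried by an authorize URL."""
    values = parse_qs(urlsplit(authorize_url).query).get("redirect_uri", [])
    if len(values) != 1:
        raise ValueError("expected exactly one redirect_uri parameter")
    return values[0]

def explain_mismatch(sent, registered):
    """Name the first difference between the sent URI and one registered URI."""
    if sent == registered:
        return "exact match"
    s, r = urlsplit(sent), urlsplit(registered)
    if not (s.scheme and s.netloc):
        return "sent value is not an absolute URI"
    if sent.lower() == registered.lower():
        return "differs only in letter case"
    if sent.rstrip("/") == registered.rstrip("/"):
        return "differs only in a trailing slash"
    for part in ("scheme", "hostname", "port", "path", "query"):
        a, b = getattr(s, part), getattr(r, part)
        if a != b:
            return f"{part} differs: sent {a!r}, registered {b!r}"
    return "differs in another component"

def check(authorize_url, registered_uris):
    """Return (allowed, sent_uri, one reason per registered URI)."""
    sent = sent_redirect_uri(authorize_url)
    allowed = sent in registered_uris  # assumption: exact string comparison
    return allowed, sent, [explain_mismatch(sent, r) for r in registered_uris]

if __name__ == "__main__":
    ok, sent, reasons = check(SAMPLE_AUTHORIZE_URL,
                              ["http://localhost:3000/users/callback"])
    print("allowed" if ok else "rejected", sent)
    for reason in reasons:
        print(" -", reason)
```

Paste the authorize URL from the browser's address bar and the URIs exactly as they appear in the app's sign-in redirect settings to see which component differs.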
