I added both the DEV and PROD Redirect URLs in the Redirect URLs field on the OAuth & Permissions page within my Monday App and kept getting the following error on the /oauth2/token call:
“error_description”: “Authorization code and redirect_uri mismatch”
I found this curious because in the field it says “If you pass a redirect_uri in an OAuth request, it must exactly match one of the URLs you enter here”, and within the /authorize endpoint request body, you pass the redirect_uri parameter only if you have multiple Redirect URLs listed in the field above (else it defaults to the first configured URL in the list).
Once I removed one of the Redirect URLs from the list (now only having 1), it started working again. The only thing I can think of here is that the Multiple Redirect URLs Logic is broken.
Let me know what you find!