Multiple Redirect URLs Logic Broken

mrautomation · February 19, 2021, 3:47pm

Hey there,

I added both the DEV and PROD Redirect URLs in the Redirect URLs field on the OAuth & Permissions page within my Monday App and kept getting the following error on the /oauth2/token call:

Data: {
“error”: “invalid_grant”,
“error_description”: “Authorization code and redirect_uri mismatch”
}

I found this curious because in the field it says “If you pass a redirect_uri in an OAuth request, it must exactly match one of the URLs you enter here”, and within the /authorize endpoint request body, you pass the redirect_uri parameter only if you have multiple Redirect URLs listed in the field above (else it defaults to the first configured URL in the list).

Once I removed one of the Redirect URLs from the list (now only having 1), it started working again. The only thing I can think of here is that the Multiple Redirect URLs Logic is broken.

Let me know what you find!

basdebruin · January 24, 2021, 10:12am

Hi @mrautomation

Little off topic Is it not easier for you to use seamless authentication? I saved me a lot of time (and issues) when I made the move from OAuth to seamless authentication.

mrautomation · January 25, 2021, 2:13am

Thanks for the reply @basdebruin!

Does the seamless authentication method allow you to build apps for others? The goal of this Monday Integration Recipe is to offer it as a product to the amazing Monday.com marketplace.

Cheers,
Chris

basdebruin · January 25, 2021, 8:19am

Yes, all the apps I build and sell to others are making use of seamless authentication. The big advantage is that you don’t need to store access tokens.

mrautomation · January 25, 2021, 12:49pm

Wow that’s really great. Does seamless authentication also have the idea of “scopes”, given that it is authentication and NOT authorization?

Also, does this work for external services, too? Or just Monday.com?

basdebruin · February 19, 2021, 8:01pm

Yes, the ShortLivedToken that are send in every call from the monday servers to your backend has a scope. When you install the app the user is asked to accept the scope for the app.

I think it only works for monday. If there is a need to have tokens for other apps, you will need to start the OAuth handshake for that application / service.

system · February 19, 2021, 3:47pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.