WP-API/example-client

Callback URL is invalid when getting temporary credentials.

mikejhale opened this issue · 20 comments

I'm not sure if this is an issue with the example-client or the OAuth server, but on step 2 I get the following error message no matter what callback URL is set as the callback in the OAuth server application.

Received HTTP status code [500] with message "Callback URL is invalid" when getting temporary credentials.

I would have expected http://localhost:8080?step=authorize to work given this code in the app:

    $server = new OAuthClient(array(
        'identifier'   => $_SESSION['client_key'],
        'secret'       => $_SESSION['client_secret'],
        'api_root'     => $_SESSION['site_base'],
        'auth_urls'    => $_SESSION['site_auth_urls'],
        'callback_uri' => get_requested_url() . '?step=authorize',
    ));

but for me, using that URL gets the same error.

Spoke with @tollmanz, who had previously gotten this working, and he asserted that he used http://localhost:8080. That URL does not work for me, nor does localhost:8080, omitting the http://. I continue to get the error described by Mike, "Received HTTP status code [500] with message "Callback URL is invalid" when getting temporary credentials."

Try setting it without the URL parameters (http://localhost:8080/) and see if that helps. You'll need the trailing slash too, I think.

I just tested this again myself. I had the callback URL set as http://localhost:8080/ initially and everything worked well. I removed the trailing slash (http://localhost:8080) and I got everyone's favorite error.

Adding the trailing slash did the trick for me.

Is the requirement for the trailing slash a weakness of the OAuth plugin, or the client app? I believe that it should be called out in one UI or another, since this tripped a bunch of us up.

It's an issue in the OAuth callback validation: the URLs aren't being normalised.

Hello, I have the same issue ("Callback URL is invalid" when getting temporary credentials). I've tried any combination of the callback:
http://127.0.0.1/example-client/www/
127.0.0.1/example-client/www/
http://localhost:8080/example-client/www/
localhost:8080/example-client/www/
with and without trailing slash and port.

I could also verify that the passed credentials were correct. Any idea in which direction I could search for a solution?

Many thanks in advance.

i30 commented

Has someone resolved this issue yet? I have got stuck at this. Don't know what could be a valid callback url :(

I set my callback url to include the /index.php and it finally went past this error.

Yeah, I run this at http://localhost:8080 with the callback URL set to http://localhost:8080/, and it works for me.

I just tested with the latest version of everything and it works fine. Just need the trailing slash.

I cannot get this to work. Tried with/without trailing slash.
Any test I could run to check what's going on?

Tried with/without trailing slash, after authentication, tries to redirect and fails with: ERR_EMPTY_RESPONSE.

The callback URL you defined in the WP Admin Panel must be the same as in your backend application, and you must use / at the end of the URL.

I'm very confused about this whole process. I created an application in the WP admin, with a callback URL of https://website.com/success/

In the example client I put in the site URL and it comes back as API discovered at https://website.com/wp-json/ which looks correct.

I provide the key and secret generated from the WP admin application. I am getting "Callback URL is invalid" when getting temporary credentials through this.

  • My callback URL ends in a /
  • I modified my .htaccess to include RewriteRule ^index\.php$ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]

What am I doing wrong? I can't figure out how to successfully make a request to get credentials either through this example client or otherwise.

@pinksharpii Your callback URL needs to be exactly wherever the example client is hosted (must match scheme, host, port, and path). Are you hosting the example client at https://website.com/success/?

@rmccue No I substituted website.com for the actual client site for confidentiality. Does there need to be any query string parameters in the URL for it to work?

@pinksharpii Yeah, I meant more "are you hosting the example client at [where you set the callback URL to]?", since usually the example client is hosted on a port on localhost. Specifically, the callback URL that the example client sends with the request needs to match the URL registered, and the example client gets this URL from window.location.

You don't need any query string parameters.
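Added example, not part of the thread and not the OAuth plugin's code: a sketch of how a callback check can normalise both URLs before comparing scheme, host, port and path, so that `http://localhost:8080` and `http://localhost:8080/` are treated as equal while real mismatches are still rejected. The function names are hypothetical, and comparing the query string as well is an assumption chosen for strictness.

```javascript
// Added illustration; callbackParts/callbackMatches/naiveMatches are
// hypothetical names, not functions from the OAuth plugin or example client.
const DEFAULT_PORTS = new Map([['http:', '80'], ['https:', '443']]);

// Parse a callback URL into the components that must match.
// Returns null for anything that is not an absolute http(s) URL.
function callbackParts(raw) {
  let url;
  try {
    url = new URL(raw); // throws on scheme-less input like "127.0.0.1/app/"
  } catch (err) {
    return null;
  }
  // "localhost:8080" parses with "localhost:" as the scheme, so the
  // scheme has to be checked explicitly.
  if (!DEFAULT_PORTS.has(url.protocol)) return null;
  return {
    scheme: url.protocol,                             // lower-cased by the parser
    host: url.hostname,                               // lower-cased by the parser
    port: url.port || DEFAULT_PORTS.get(url.protocol),// default port made explicit
    path: url.pathname,                               // empty path becomes "/"
    query: url.search,                                // assumption: compared exactly
  };
}

// Normalised comparison of the registered callback and the one sent.
function callbackMatches(registered, requested) {
  const a = callbackParts(registered);
  const b = callbackParts(requested);
  if (!a || !b) return false;
  return a.scheme === b.scheme && a.host === b.host &&
         a.port === b.port && a.path === b.path && a.query === b.query;
}

// Un-normalised check: the behaviour that makes the trailing slash matter.
function naiveMatches(registered, requested) {
  return registered === requested;
}
```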

It is 2022 and this issue STILL has not been properly patched. Very shameful of Vercel.