Oauth2 Authorization redirect_uri_mismatch

[jonecx]

In Android WebView, trying to implement a third party app authentication for users. My request url is

Note: the parameter values are replaced with fake values for the purpose of this question

https://www.tumblr.com/oauth2/authorize?client_id=T0G9la1U2QUYJnUM6wuYEWinQWx8gDRS04KB6YtX4r&response_type=code&scope=write&redirect_uri=hik://authorized.com&state=OjE3MDcyNDAxxMzA6akZTSXBmY2k4dXB6YTVHTWdmR1JaY2hVTWRZ

it has all the values client_id, response_type, redirect_uri, state and scope. Just like in the API description

It opens the sign in page, it lets them sign in and shows them allow/deny page but when users hit the "Allow" button

it show show them "hiq://authorized.com?error=redirect_url_mismatch&error_description=The+redirect+URI+provided+is+missing+or+does+not+match&error_uri=http..."

I have the same redirect URI in my request and the Tumblr Apps Console which

Default callback URL:hik://authorized.com
OAuth2 redirect URLs (space separate):hik://authorized.com

I am doing exactly like in the documentation but no luck so far

[sanmai]

It hard to tell what is wrong without looking at the actual app ID and redirects.

Please consider using Tumblr Support form if you can't share them openly.

https://tumblr.com/support

[jonecx]

@sanmai When you said the actual app ID, did you mean the actual client_id (OAuth Consumer Key) or the Application Name in the https://www.tumblr.com/oauth/apps forms?

I submitted the issue in the support with title "Something else" also. I submitted twice because I forgot to include a link in the first one

[sanmai]

Having a client_id will certainly help.

[jonecx]

sure here is the client id T0G9la1U2QUYXAbeDQu5JnUM6wuYEWinQWx8gDRS04KB6YtX4r

Also pushed a sample project where one can checkout and repro what I mentioned. This is the specific line where you can start your debugging https://github.com/jonecx/qio/blob/main/app/src/main/java/com/jonecx/qio/MainActivity.kt#L85

[sanmai]

Looking at relevant RFCs, we shouldn't have rejected the request here because an absolute URI is valid even without a trailing slash. But we still want it.

https://github.com/jonecx/qio/blob/6973273cd4248f3b9528f29d5bd993f7aa9bd6a2/app/src/main/java/com/jonecx/qio/MainActivity.kt#L27-L31

The fix is to add a trailing slash (/) to the URL and it'll work.

[jonecx]

Thanks for the response, when I add a trailing slash to
url= "https://www.tumblr.com/oauth2/authorize? client_id=T0G9la1U2QUYXAbeDQu5JnUM6wuYEWinQWx8gDRS04KB6YtX4r& response_type=code& scope=write& redirect_uri=qio://authorized.com/
I get an error like this
qio://authorized.com/?error=invalid_request&error_description=The+state+parameter+is+required#=

I added a trailing / at the tumblr/auth/apps console and didn't make any difference.

[nightpool]

It looks like you didn't provide the `state` parameter, as the error message indicates

…

On Thu, Dec 7, 2023 at 9:23 PM jonecx ***@***.***> wrote: Thanks for the response, when I add a trailing slash to url= "https://www.tumblr.com/oauth2/authorize? client_id=T0G9la1U2QUYXAbeDQu5JnUM6wuYEWinQWx8gDRS04KB6YtX4r& response_type=code& scope=write& redirect_uri=qio://authorized.com/ I get an error like this qio:// authorized.com/?error=invalid_request&error_description=The+state+parameter+is+required# *=* I added a trailing / at the tumblr/auth/apps console and didn't make any difference. — Reply to this email directly, view it on GitHub <#122 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AABZCVYP52SL27TIRHX23NLYIKB2NAVCNFSM6AAAAABAKH6XQOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQNBWGQ4TENZXGU> . You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>

[jonecx]

That is true :) I am sorry about that. Yeah I have got the code now. Thanks for the help

For documentation purposes this is how the url has to be in the tumblr/oauth/apps console

• Default Callback URl should have a trailing slash
• Oauth 2 redirect url should have a trailing slash