cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
samuel_malcolm
Community Participant

Developer Key with Multiple Redirect URIs?

Jump to solution

Hi all! i cant seem to get something working and im probably missunderstanding or making a silly mistake. Basically i want my developer key to be able to use multiple redirects, one for testing and one for production. But when i use the Redirect URIs in the developer key settings box and list both that are needed i get the error when trying to use the oAuth2 flow that the URI is not the one associated with the developer key? has anyone else had this issue? i basically want the dev key to be able to redirect to my application server OR localhost depending on which one i pass into the query string. Is this possible? I would think thats the purpose of having the multiple redirect URI box 292697_dev key.png

When i have this if i go to the auth url with my client id i get the invalid redirect error.

Labels (2)
1 Solution

Accepted Solutions

OK i have it working now, the issue was leaving the slash off in the developer key settings and having it on in the query string. They have to be exactly the same

View solution in original post

5 Replies
pklove
Community Champion

We have multiple redirect URIs entered like you have and it works fine.

What does your OAuth call look like?   Does it work okay if you only have one redirect URI?

samuel_malcolm
Community Participant

institution.instructure.com/login/oauth2/auth?client_id=1234&response_type=code&redirect_uri=http://localhost:3000/canvas/auth/&state=1

I structured it as seen in the docs but i still get errors, not sure why

OK i have it working now, the issue was leaving the slash off in the developer key settings and having it on in the query string. They have to be exactly the same

View solution in original post

z_dusatko
Community Participant

This is might not directly related but is it safe to have localhost url there? I think since the token user needs key the only way to get compromised it not using https for localhost. Just that we are also using http://locahost to develop and test on our local machines and I was wondering about security...

pklove
Community Champion

Interesting consideration.

As long as your client key has not been obtained via some other process I think you are okay.  The re-direct to localhost just has the code and you cannot do anything with that unless you know the client_id and client_secret.