example-client icon indicating copy to clipboard operation
example-client copied to clipboard

Published 20 hours ago verified publisher icon WP-API

Callback URL is invalid when getting temporary credentials.

Open mikejhale opened this issue 9 years ago • 20 comments

I'm not sure if this is an issue with the example-client or the oAuth server, but on step 2 I get the following error message no matter what callback URL is set as the callback in the oAuth server application.

Received HTTP status code [500] with message "Callback URL is invalid" when getting temporary credentials.

mikejhale avatar Dec 12 '15 00:12 mikejhale

I would have expected http://localhost:8080?step=authorize to work given this code in the app:

    $server = new OAuthClient(array(
        'identifier'   => $_SESSION['client_key'],
        'secret'       => $_SESSION['client_secret'],
        'api_root'     => $_SESSION['site_base'],
        'auth_urls'    => $_SESSION['site_auth_urls'],
        'callback_uri' => get_requested_url() . '?step=authorize',
    ));

but for me, using that URL gets the same error

kadamwhite avatar Dec 29 '15 19:12 kadamwhite

Spoke with @tollmanz, who had previously gotten this working, and he asserted that he used http://localhost:8080. That URL does not work for me, nor does localhost:8080, omitting the http://. I continue to get the error described by Mike, "Received HTTP status code [500] with message "Callback URL is invalid" when getting temporary credentials."

kadamwhite avatar Dec 30 '15 15:12 kadamwhite

Try setting it without the URL parameters (http://localhost:8080/) and see if that helps. You'll need the trailing slash too, I think.

rmccue avatar Dec 31 '15 02:12 rmccue

I just tested this again myself. I had the callback URL set as http://localhost:8080/ initially and everything worked well. I removed the trailingslash (http://localhost:8080) and I got everyone's favorite error.

tollmanz avatar Dec 31 '15 02:12 tollmanz

Adding the trailing slash did the trick for me.

mikejhale avatar Dec 31 '15 17:12 mikejhale

Is the requirement for the trailing slash a weakness of the oauth plugin, or the client app? I believe that it should be called out in one UI or another, since this tripped a bunch of us up.

kadamwhite avatar Jan 01 '16 00:01 kadamwhite

It's an issue in the OAuth callback validation: the URLs aren't being normalised.

rmccue avatar Jan 01 '16 05:01 rmccue

Hello, i've the same issue (Callback URL is invalid" when getting temporary credentials.). I've tried any combination of the callback http://127.0.0.1/example-client/www/ 127.0.0.1/example-client/www/ http://localhost:8080/example-client/www/ localhost:8080/example-client/www/ with and without trailing slash and port.

I could also verify, that the passed credentials were correct. Any idea in which direction i could search for a solution?

Many thanks in advance.

tetozito avatar May 16 '16 19:05 tetozito

Has someone resolved this issue yet? I have got stuck at this. Don't know what could be a valid callback url :(

i30 avatar Jun 04 '16 13:06 i30

I set my callback url to include the /index.php and it finally went past this error.

Critter avatar Aug 30 '16 19:08 Critter

yeah,I run this at http://localhost:8080,the call back url set http://localhost:8080/,it's work for me.

wakasann avatar Sep 24 '16 10:09 wakasann

I just tested with the latest version of everything and it works fine. Just need the trailing slash

topdown avatar Nov 10 '16 16:11 topdown

I cannot get this to work. Tried with/without trailing slash. Any test I could run to check what's going on?

Jany-M avatar Feb 08 '17 04:02 Jany-M

Tried with/without trailing slash, after authentication, tries to redirect and fails with: ERR_EMPTY_RESPONSE.

towfiqi avatar Nov 01 '17 09:11 towfiqi

Callback URL you defined on WP Admin Panel must be same with your backend application and you must use / end of URL.

nicely avatar Nov 20 '17 12:11 nicely

I'm very confused about this whole process. I created an application in the WP admin, with a callback URL of https://website.com/success/

In the example client I put in the site URL and it comes back as API discovered at https://website.com/wp-json/ which looks correct.

I provide the key and secret generated from the WP admin application. I am getting "Callback URL is invalid" when getting temporary credentials." through this.

  • My callback URL ends in a /
  • I modified my .htaccess to include RewriteRule ^index\.php$ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]

What am I doing wrong? I can't figure out how to successfully make a request to get credentials either through this example client or otherwise.

pinksharpii avatar Mar 05 '18 17:03 pinksharpii

@pinksharpii Your callback URL needs to be exactly wherever the example client is hosted (must match scheme, host, port, and path). Are you hosting the example client at https://website.com/success/?

rmccue avatar Mar 06 '18 06:03 rmccue

@rmccue No I substituted website.com for the actual client site for confidentiality. Does there need to be any query string parameters in the URL for it to work?

pinksharpii avatar Mar 06 '18 14:03 pinksharpii

@pinksharpii Yeah, I meant more "are you hosting the example client at [where you set the callback URL to]?", since usually the example client is hosted on a port on localhost. Specifically, the callback URL that the example client sends with the request needs to match the URL registered, and the example client gets this URL from window.location.

You don't need any query string parameters.

rmccue avatar Mar 07 '18 02:03 rmccue

It is 2022 and this issue STILL has not been properly patched. Very shameful of Vercel.

TimMTech avatar Aug 16 '22 06:08 TimMTech