OAUTH / OIDC - Invalid redirect URL for OAuth success., code:400, project_invalid_success_url

  • 0
  • Self Hosted
  • Auth
  • Web
xStar37
5 Sep, 2024, 11:25

Using Zitadel's OAUTH Playground (https://zitadel.com/oidc-playground), I receive the following error when attempting the authentication process: {"message":"Invalid redirect URL for OAuth success.","code":400,"type":"project_invalid_success_url","version":"1.5.10"}

In the Appwrite logs:

```
2024-09-05 13:03:45 [Error] URL: /v1/account/sessions/oauth2/:provider/redirect
2024-09-05 13:03:45 [Error] Type: Appwrite\Extend\Exception
2024-09-05 13:03:45 [Error] Message: Invalid redirect URL for OAuth success.
2024-09-05 13:03:45 [Error] File: /usr/src/code/app/controllers/api/account.php
2024-09-05 13:03:45 [Error] Line: 1173
```

and after changing the scope to "openid"

```
2024-09-05 13:09:24 [Error] Method: GET
2024-09-05 13:09:24 [Error] URL: /v1/account/sessions/oauth2/:provider
2024-09-05 13:09:24 [Error] Type: Utopia\Exception
2024-09-05 13:09:24 [Error] Message: Invalid `scopes` param: Value must a valid array no longer than 100 items and Value must be a valid string and at least 1 chars and no longer than 4096 chars
2024-09-05 13:09:24 [Error] File: /usr/src/code/vendor/utopia-php/framework/src/App.php
2024-09-05 13:09:24 [Error] Line: 774
```

The redirect URI provided by AppWrite is also a parameter I use.
> http://localhost/v1/account/sessions/oauth2/callback/oidc/saas-dev
TL;DR
Developers are facing issues with OAuth success URL redirects. The logs indicate an "Invalid redirect URL for OAuth success." error. The issue seems to be related to the redirect URLs being utilized. In one instance, the error message "Invalid `scopes` param" is encountered when the scope is set to "openid." Double-check the redirect URI provided by AppWrite and ensure it is being used as a parameter.
xStar37
5 Sep, 2024, 11:25

JS Code:

```js
const client = new Appwrite.Client();
client
    .setEndpoint('http://localhost/v1') // Replace with your Appwrite endpoint
    .setProject('saas-dev'); // Replace with your project ID

// Initialize Appwrite account
const account = new Appwrite.Account(client);

// Function to handle OAuth2 login
function handleOAuth2Login() {
    // You can replace 'github' with any supported provider (e.g., 'google', 'facebook', etc.)
    account.createOAuth2Session(
        OAuthProvider = "oidc", // provider
        'http://localhost:1234/', // success (optional)
        'http://localhost:1234/oauth2', // failure (optional)
        [""] // scopes (optional)
    );
}
```

In the console on the webpage I am getting an HTTP 204 status code for the "OPTIONS" method followed by an HTTP 400 for the "GET" method.

The following are found in the Network requests:
```
Request URL:
http://localhost/v1/account/sessions/oauth2/oidc?success=http%3A%2F%2Flocalhost%3A1234%2F&failure=http%3A%2F%2Flocalhost%3A1234%2Foauth2&scopes%5B0%5D=openid
Request Method:
OPTIONS
Status Code:
204 No Content

Request URL:
http://localhost/v1/account/sessions/oauth2/oidc?success=http%3A%2F%2Flocalhost%3A1234%2F&failure=http%3A%2F%2Flocalhost%3A1234%2Foauth2&scopes%5B0%5D=openid
Request Method:
GET
Status Code:
301 Moved Permanently
```

No response is found for the following request:

```
https://oauth.provider/oauth/v2/authorize?client_id=123344567889920%40dev&redirect_uri=http%3A%2F%2Flocalhost%2Fv1%2Faccount%2Fsessions%2Foauth2%2Fcallback%2Foidc%2Fgrid-saas-dev&state=%7B%22success%22%3A%22http%3A%5C%2F%5C%2Flocalhost%3A1234%5C%2F%22%2C%22failure%22%3A%22http%3A%5C%2F%5C%2Flocalhost%3A1234%5C%2Foauth2%22%2C%22token%22%3Afalse%7D&scope=openid+profile+email&response_type=code
```

Any idea what could be causing the issue?
ideclon
5 Sep, 2024, 11:27

Is https://oauth.provider the actual domain, or have you censored it?

xStar37
5 Sep, 2024, 11:41

I censored the domain. But it's a zitadel instance. I can provide additional info privately if needed.
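
Added example (not part of the original posts, and not Appwrite's own code): it decodes the authorize request quoted in the thread, compares the project segment of `redirect_uri` with the project ID the client sets, and checks the `success`/`failure` URLs carried in `state` against a hostname allow-list. The helper names and the `['localhost']` allow-list are assumptions; how Appwrite itself validates these URLs is not shown in the thread.

```javascript
// AUTHORIZE_URL is copied from the thread (the provider domain was censored by the poster).
const AUTHORIZE_URL =
  'https://oauth.provider/oauth/v2/authorize?client_id=123344567889920%40dev' +
  '&redirect_uri=http%3A%2F%2Flocalhost%2Fv1%2Faccount%2Fsessions%2Foauth2%2Fcallback%2Foidc%2Fgrid-saas-dev' +
  '&state=%7B%22success%22%3A%22http%3A%5C%2F%5C%2Flocalhost%3A1234%5C%2F%22%2C%22failure%22%3A%22http%3A%5C%2F%5C%2Flocalhost%3A1234%5C%2Foauth2%22%2C%22token%22%3Afalse%7D' +
  '&scope=openid+profile+email&response_type=code';

// Hypothetical helper: true only for an absolute http(s) URL whose hostname is allow-listed.
function hostAllowed(candidate, allowedHosts) {
  let url;
  try {
    url = new URL(candidate);
  } catch {
    return false; // missing, relative or otherwise unparseable
  }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return false;
  // Exact hostname match: 'localhost.example.org' must not pass for 'localhost'.
  return allowedHosts.includes(url.hostname.toLowerCase());
}

// Hypothetical helper: pull the authorize URL apart and compare it with local settings.
function inspectAuthorizeUrl(authorizeUrl, projectId, allowedHosts) {
  const params = new URL(authorizeUrl).searchParams;
  const redirectUri = params.get('redirect_uri') || '';
  // In the thread, the callback path ends with the project ID.
  const redirectProject = redirectUri.split('/').filter(Boolean).pop() || '';
  let state = {};
  try {
    const parsed = JSON.parse(params.get('state') || '{}');
    if (parsed && typeof parsed === 'object') state = parsed;
  } catch {
    state = {}; // malformed state: treat as empty
  }
  return {
    redirectUri,
    redirectProject,
    projectMatches: redirectProject === projectId,
    scopes: (params.get('scope') || '').split(' ').filter(Boolean),
    success: state.success,
    failure: state.failure,
    successAllowed: hostAllowed(state.success, allowedHosts),
    failureAllowed: hostAllowed(state.failure, allowedHosts),
  };
}

// 'saas-dev' is the project ID from the client code; ['localhost'] is an assumed allow-list.
console.log(inspectAuthorizeUrl(AUTHORIZE_URL, 'saas-dev', ['localhost']));
```

With the thread's values, the project segment of `redirect_uri` reads `grid-saas-dev` while the client code sets `saas-dev`; the thread does not say whether that difference comes from the censoring or from the actual configuration.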
