AnsweredAssumed Answered

Error 400 (invalid redirect URI) when using OAuth 2.0

Question asked by Jessedosborne on Dec 30, 2016
Latest reply on Apr 11, 2017 by TCEQadmin

I've registered a web app in my AGOL org account. It's not a geospatial app, but will be pulling secure data from REST services in AGOL that are only shared with specific individuals . When I registered it, it generated an App ID and I followed the OAuth2.0 examples to try and have the app login on behalf of itself. However, I continue to receive an error: 400 (invalid redirect uri) whenever I try and launch the esriId.getCredential() method using Identity Manager.

______________________________________

Snippet here:

 

var portalUrl = "https://www.arcgis.com";

var info = new OAuthInfo({
appId: "<removed app id for this question post>",

 

 

popup: true
});
esriId.registerOAuthInfos([info]);

esriId.checkSignInStatus(info.portalUrl + "/sharing").then(
function (){
// User has signed in
displayItems();
}
).otherwise(
function (){
// User has not signed in
domStyle.set("anonymousPanel", "display", "block");
domStyle.set("personalizedPanel", "display", "none");
}
);

on(dom.byId("sign-in"), "click", function (){
// user will be shown the OAuth Sign In page
esriId.getCredential(info.portalUrl + "/sharing", {
oAuthPopupConfirmation: true
}
).then(function (){
displayItems();
});
});

_____________________________

 

In the esri documentation when it says when registering the app, that a Redirect URI are "valid addresses that users of your app can be redirected to after they successfully log in." Am I not this understanding correctly, but shouldn't this mean that the Redirect URI should be the same as the address of the application? If my application is located at https://this.com, upon a user signing-in wouldn't I want the user to return to just return https://this.com after they've signed in?

Outcomes