FormidableLabs / react-native-app-auth

React native bridge for AppAuth - an SDK for communicating with OAuth2 providers
https://commerce.nearform.com/open-source/react-native-app-auth
MIT License
2.04k stars 441 forks source link

Imgur doesn't accept redirect_uri #1017

Open garyyeap opened 2 months ago

garyyeap commented 2 months ago

Issue

I followed the instructions provided in https://github.com/FormidableLabs/react-native-app-auth/issues/516#issuecomment-2115465572.

react-native-app-auth generated the url:

https://api.imgur.com/oauth2/authorize?redirect_uri=com.myapp%253A%252F%252Foauth&client_id=xxxx&response_type=code&state=CeCjYuaMTtKVEuGvcW5EtA&nonce=DK8X_F3jH_z7F2dxgcNfRQ&code_challenge=eaUwn9soj0T-o2xMJCFj0WDZShVjoS1ENrLOSZVWX_s&code_challenge_method=S256

However, this resulted in an error:

{
  "data": {
    "error": "The redirect URI provided is missing or does not match",
    "request": "/oauth2/authorize",
    "method": "POST"
  },
  "success": false,
  "status": 400
}

Since the Imgur API documentation doesn't mention the need for a redirect_uri, I decided to remove it from the URL:

https://api.imgur.com/oauth2/authorize?client_id=xxxx&response_type=code&state=CeCjYuaMTtKVEuGvcW5EtA&nonce=DK8X_F3jH_z7F2dxgcNfRQ&code_challenge=eaUwn9soj0T-o2xMJCFj0WDZShVjoS1ENrLOSZVWX_s&code_challenge_method=S256

This modification successfully resolved the error.

Environment

carbonrobot commented 2 months ago

If you do not provide a redirect_uri, then Imgur can not send the user back to your application. In order for the redirect URI to work, the one configured in your application must match the one configured in your Imgur Oauth account settings.

garyyeap commented 2 months ago

It can, witthout providing the redirect_uri. I tested out. I believe Imugur just follow the url from their application setting but not the query string. Do I need to record a video to prove it?

image
carbonrobot commented 2 months ago

Thanks for the screenshot, that clarifies things for us (since we don't have an account with every provider, it can be difficult to test sometimes). We can look at making the redirectUrl property optional in the configuration.