Callback URL is invalid when getting temporary credentials.

[mikejhale]

I'm not sure if this is an issue with the example-client or the oAuth server, but on step 2 I get the following error message no matter what callback URL is set as the callback in the oAuth server application.

Received HTTP status code [500] with message "Callback URL is invalid" when getting temporary credentials.

[kadamwhite]

I would have expected http://localhost:8080?step=authorize to work given this code in the app:

    $server = new OAuthClient(array(
        'identifier'   => $_SESSION['client_key'],
        'secret'       => $_SESSION['client_secret'],
        'api_root'     => $_SESSION['site_base'],
        'auth_urls'    => $_SESSION['site_auth_urls'],
        'callback_uri' => get_requested_url() . '?step=authorize',
    ));

but for me, using that URL gets the same error

[kadamwhite]

Spoke with @tollmanz, who had previously gotten this working, and he asserted that he used http://localhost:8080. That URL does not work for me, nor does localhost:8080, omitting the http://. I continue to get the error described by Mike, "Received HTTP status code [500] with message "Callback URL is invalid" when getting temporary credentials."

[rmccue]

Try setting it without the URL parameters (http://localhost:8080/) and see if that helps. You'll need the trailing slash too, I think.

[tollmanz]

I just tested this again myself. I had the callback URL set as http://localhost:8080/ initially and everything worked well. I removed the trailingslash (http://localhost:8080) and I got everyone's favorite error.

[mikejhale]

Adding the trailing slash did the trick for me.

[kadamwhite]

Is the requirement for the trailing slash a weakness of the oauth plugin, or the client app? I believe that it should be called out in one UI or another, since this tripped a bunch of us up.

[rmccue]

It's an issue in the OAuth callback validation: the URLs aren't being normalised.

[tetozito]

Hello, i've the same issue (Callback URL is invalid" when getting temporary credentials.). I've tried any combination of the callback http://127.0.0.1/example-client/www/ 127.0.0.1/example-client/www/ http://localhost:8080/example-client/www/ localhost:8080/example-client/www/ with and without trailing slash and port.

I could also verify, that the passed credentials were correct. Any idea in which direction i could search for a solution?

Many thanks in advance.

[i30]

Has someone resolved this issue yet? I have got stuck at this. Don't know what could be a valid callback url :(

[Critter]

I set my callback url to include the /index.php and it finally went past this error.

[wakasann]

yeah,I run this at http://localhost:8080,the call back url set http://localhost:8080/,it's work for me.

[topdown]

I just tested with the latest version of everything and it works fine. Just need the trailing slash

[Jany-M]

I cannot get this to work. Tried with/without trailing slash. Any test I could run to check what's going on?

[towfiqi]

Tried with/without trailing slash, after authentication, tries to redirect and fails with: ERR_EMPTY_RESPONSE.

[nicely]

Callback URL you defined on WP Admin Panel must be same with your backend application and you must use / end of URL.

[pinksharpii]

I'm very confused about this whole process. I created an application in the WP admin, with a callback URL of https://website.com/success/

In the example client I put in the site URL and it comes back as API discovered at https://website.com/wp-json/ which looks correct.

I provide the key and secret generated from the WP admin application. I am getting "Callback URL is invalid" when getting temporary credentials." through this.

• My callback URL ends in a /
• I modified my .htaccess to include RewriteRule ^index\.php$ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]

What am I doing wrong? I can't figure out how to successfully make a request to get credentials either through this example client or otherwise.

[rmccue]

@pinksharpii Your callback URL needs to be exactly wherever the example client is hosted (must match scheme, host, port, and path). Are you hosting the example client at https://website.com/success/?

[pinksharpii]

@rmccue No I substituted website.com for the actual client site for confidentiality. Does there need to be any query string parameters in the URL for it to work?

[rmccue]

@pinksharpii Yeah, I meant more "are you hosting the example client at [where you set the callback URL to]?", since usually the example client is hosted on a port on localhost. Specifically, the callback URL that the example client sends with the request needs to match the URL registered, and the example client gets this URL from window.location.

You don't need any query string parameters.

[TimMTech]

It is 2022 and this issue STILL has not been properly patched. Very shameful of Vercel.