Getting an Access Token - redirect_uri is invalid

[mossintech]

Hi I cannot find out why my code keeps getting this error. I am successfully getting a call back after logging and clicking on "Grant". My code then attempts to get an access tokoen but fails with the redirect message. java code below request = OAuthClientRequest .tokenLocation(tokenURL) .setGrantType(GrantType.AUTHORIZATION_CODE) .setClientId(hmrct.getCashClientid().trim()) //internal record with the client id, this works for the initial call .setClientSecret(hmrct.getCashClientsecret().trim()) //internal record with the client secret, this works for the initial call .setRedirectURI(redirectURI) //valid URL and set as a redirect on the Developer Hub for the application .setCode(code) //code from HMRC .buildBodyMessage(); OAuthJSONAccessTokenResponse tokenResponse = oauthConnector.getOAuthClient().accessToken(request); accessToken = tokenResponse.getAccessToken(); refreshToken = tokenResponse.getRefreshToken();

Exception: java.lang.RuntimeException: OAuthProblemException{error='invalid_request', description='redirect_uri is invalid', uri='null', state='null', scope='null', redirectUri='null', responseStatus=400, parameters={}}

I am using the org.apache.oltu.oauth2.client.request.OAuthClientRequest package for this, which is/was shown in original code examples. I have tried encoding the redirct URI with % and x-form encoding with the same result. A few clues please!

[mPisano]

I'm unfamiliar with the libs, I'm a Windows guy, but your error is "redirect_uri" is invalid and your own exception is:

_Exception: java.lang.RuntimeException: OAuthProblemException{error='invalid_request', description='redirecturi is invalid', uri='null', state='null', scope='null', redirectUri='null', responseStatus=400, parameters={}}

Why is everything null? What is you redirect set to on submission and in the portal for the application (mask the ip if necessary)

Also - Was this working and stopped, a new development project?

[JeeBeePee]

Looks like you've initialised but failed to assign a value to the strings used to build your token request. Perhaps try to write them to System.out prior to building your request.

[mossintech]

@mPisano as to why so many nulls, I am assuming this is the response from HMRC and they are not returning a URI etc with an error; possibly a generic error response. This code is not new, but not been used for a couple of years and worked back in 2019. Old software being pressed back into service. @JeeBeePee String are all fully populated with the correct values, the record in question was also used to generate the original call to HMRC to grant authority. I've spent hours trying different combinations of stirngs and encoding and always the same error message. I was hoping someone new of a java example that worked so I could see what's changed or understood HMRC's error message, does recdirect_uri means it's badly formatted or not one HMRC recognise (which shouldn't be the case)

[mPisano]

I would log back in to the Developers portal and check all your sandbox or production settings and make sure they match what your sending. I would also check your headers and most importantly your TLS settings. TLS 1.2 was not mandatory prior to I believe June of 2020, If this code use to work and now doesn't I would triple check this.

I know you're in Java but if you use C#\VS at all you can try your settings in my fork https://github.com/mPisano/MTDCompliance There is a test app for the lib - at least you can prove that it's not HMRC backend issue

HTH Mike

[hmrc-api-team]

Hello, we are closing this issue due to age. If you still have any persisting issues please feel free to open a new issue.