invalid_request: The redirect_uri parameter does not match a valid url for the application.
I have been continuously getting this error for the last few days while authenticating users using OAuth. This was working fine when this issue appeared all of a sudden. I have tried everything that came to my mind, including restarting the app, redeploying my app, even creating a new sample app, but the problem won’t go away.
I wanted to check if this is not an issue from Asana, as other people might be facing the same issue.
I’m not aware of any other reports that this is happening, but you could well be the first to report it, so let’s investigate. There was a bug fix recently in some of the code just around that process, so I’ll ask the engineer who made the change if he can think of any reason that this might have changed.
This error is meant to be thrown when the redirect_uri parameter of your authorization request does not match the value you set up in Asana when creating the OAuth app (this is for security purposes to prevent a man-in-the-middle attack by rewriting the redirect_uri parameter during authorization to send the credentials to a malicious site). Can you double-check that the value you’re asking for and the value set up in the app configuration match? (under your profile settings in Asana, then the “Apps” tab, then the link at the bottom to “Manage Developer Apps”)
This problem got (partially) resolved when I updated the .NET Framework to 4.6, which uses TLS 1.2 by default. I guess this could be a possibility that TLS 1.2 has been recently made mandatory for OAuth at Asana’s backend.
I am still facing an issue which was clearly not there before. My users are now required to log out and re-login to use the APIs after a day; otherwise they will receive a 401. I am still working on this issue and will be updating this thread, in case someone else faces a similar issue. Any information from Asana’s team will be appreciated to pinpoint this and to understand the exact cause.
That sounds strange. Can you give us more details? Do they need to log out of Asana or your app?
Are you using an implicit grant flow to get Asana OAuth tokens? If so: our access tokens expire after an hour for security reasons, so you need to ensure that you get a new token every hour (if the user has already authorized the app then Asana will redirect back to your app with a new token without displaying anything to the user).
What message does Asana send with the 401 (when our API sends error responses, we sometimes include an explanatory message in the body of the request)?
I just purchased “GTD for Asana” for my iPad Mini. I use Asana at work with my Google account. When I attempt to login to the app on iPad (which I’ve never done successfully) I get the exact same error (i.e., “invalid_request: The ‘redirect_uri’ parameter does not match a valid url for the application”).
Hmm. I think the solution @Rico_Criner would be to reach out to the support of the app and ask them to check the settings of their app (like I mentioned above). My hunch is that they’re using an http redirect, where we made a change last July deprecating this in favor of requiring that the redirect be https, that is, where you go after logging in to Asana to authorize the app has to be to a server whose address starts with “https”.
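An added example, not part of the thread and not Asana's code: a client-side pre-flight check that compares the redirect_uri in an authorization request with the value registered for the app, and with the https requirement mentioned above. It assumes the server compares the strings exactly; the endpoint, client id and callback URLs are constructed placeholders.

```python
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed sample values (assumptions, not taken from the thread).
AUTHORIZE_ENDPOINT = "https://auth.example.test/authorize"
REGISTERED = ["https://app.example.test/oauth/callback"]


def build_authorize_url(redirect_uri):
    """Build a sample authorization request carrying the given redirect_uri."""
    params = {"client_id": "CONSTRUCTED_ID", "response_type": "code",
              "redirect_uri": redirect_uri}
    return AUTHORIZE_ENDPOINT + "?" + urlencode(params)


def near_miss(sent, registered):
    """Name the most likely reason two almost-equal URIs fail an exact match."""
    if sent.split("://", 1)[-1] == registered.split("://", 1)[-1]:
        return "scheme_differs"
    if sent.rstrip("/") == registered.rstrip("/"):
        return "trailing_slash_differs"
    if sent.lower() == registered.lower():
        return "case_differs"
    return None


def diagnose_redirect_uri(authorize_url, registered_uris):
    """Return the reasons the redirect_uri would be rejected ([] if none)."""
    values = parse_qs(urlsplit(authorize_url).query).get("redirect_uri", [])
    if len(values) != 1:
        return ["missing_or_duplicate"]
    sent = values[0]  # parse_qs has already percent-decoded the value
    problems = []
    if urlsplit(sent).scheme.lower() != "https":
        problems.append("not_https")
    if sent in registered_uris:
        return problems
    # No exact match: report the closest explanation, if there is one.
    hints = [h for h in (near_miss(sent, r) for r in registered_uris) if h]
    problems.append(hints[0] if hints else "no_match")
    return problems


if __name__ == "__main__":
    for uri in ("https://app.example.test/oauth/callback",
                "http://app.example.test/oauth/callback",
                "https://app.example.test/oauth/callback/"):
        print(uri, "->", diagnose_redirect_uri(build_authorize_url(uri), REGISTERED))
```

Running the check against the exact URL your app sends, rather than the value you believe it sends, catches differences introduced by a framework or reverse proxy.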