Redirect_uri - what should this contain?

Hi,

I am new to programming, trying to learn to work with API's. I'm using the standard OAuth to connect to our PureCloud enviroment (https://developer.mypurecloud.com/api/tutorials/oauth-implicit/?language=javascript&step=1). The logon is working fine, but I keep getting the following error on the redirect: This Page does not exist. I see this error within the PureCloud Admin page.

Perhaps a stupid question, but what should the redirect_uri point to, and what should it contain? Googled a lot, but can't really find a proper answer. Even when I enter https://google.com as redirect, I get the same error, while I would just expect it to open Google?

Thanks in advance!

When you initiate an implicit or token auth flow, you provide a redirect URI with that request. After the user authenticates successfully, they will be redirected to the provided redirect URI, provided it exactly matches one of the redirect URIs configured on the oauth client. This prevents malicious apps from hijacking your auth flow and redirecting the user to a malicious site afterwards.

1 Like

Thanks for your reply.

So in theory I can put any URL in there, as long as it's on the same domain and it's in here?:
uri

So for example: http://mysite.com/test.html? Because this is what I try, but I keep getting an error that the page doesn't exist.

This is the full URL it goes to: https://apps.mypurecloud.de/admin/#/admin/oauth/authorizations/5312b80c-bce3-4edd-bd60-76190182ab21response_type=token&client_id=5642b80c-bde3-4edd-b560-a62231a8cb21&redirect_uri=http://my.site/test.html

(I changed some of the numbers and letters in the token for obvious reasons)

The user will be redirected to the redirect URI provided. If you use a fake URL, the user will be redirected to that fake URL. You should use the URL of your application that will handle the auth redirect and grab the access token.

1 Like

Thanks. I now get logged on, but I get see the following error: Failed to load resource: the server responded with a status of 401 (Unauthorized)

console.log(location.hash); is in the code. This logs the following in the console: #access_token=HANDLE_ACCESS_TOKENS_LIKE_PASSWORDS&expires_in=86399&token_type=bearer

Is this the correct syntax? The "&expires_in=86399&token_type=bearer" shouldn't be in there, should it?

Access tokens must be handled like passwords. Posting your access token publicly allows anyone access to your org. Please take steps to secure this user's account and your org immediately.

401 means you didn't send a valid access token with the API request.

It should. See the documentation here: https://developer.mypurecloud.com/api/rest/authorization/use-implicit-grant.html

1 Like

My bad, will make sure we take the right steps.

I got it to work by the way... I found out I still had https://api.mypurecloud.com in the code, instead of https://api.mypurecloud.de. What a silly mistake.

Thanks a lot for helping!

1 Like

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.