403 Error when using oath

Apps & Clients
1

I’m in the process of migrating my application from using PATs to OATH client/secret. I’ve used the CLI to create the app including a redirect of http://localhost. The following is the URL that is being used with sensitive data removed

https://api.smartthings.com/oauth/authorize?client_id=6XXX&scope=r%3Adevices%3A%24%20x%3Adevices%3A*&response_type=code&redirect_uri=http%3A%2F%2Flocalhost

I always get the same 403 Forbidden error. I’ve tried a large number of variations on this to try and get it to work, but nothing seems to change

2

@orangebucket created a post that you might find helpful.

3

Hi, @Fluxell

Did you solve the issue?
“HTTP” and “localhost” URLs are not accepted as Redirect URLs, so, you need to use an HTTPS URL that will redirect to your “localhost” endpoint. I suggest you use Ngrok to create a tunnel for this purpose.