404 error=invalid_request&error_description=The+request+is+malformed

rst11 · November 23, 2024, 8:09pm

Hi, I am implementing the oauth2 part of my smartapp and the authorize step directs to error=invalid_request&error_description=The+request+is+malformed.

I am directing user to
https://api.smartthings.com/oauth/authorize?response_type=code&client_id=3446d2fc-7541-4758-ad03-e781bb8fb82&redirect_url=https://www.MYDOMAIN.co.uk:5000/callback

as a user I am able to login, select the location and devices and click the authorize button.
This directs to the https://api.smartthings.com/installedapp?error=invalid_request&error_description=The+request+is+malformed. url and a 404 error.

Looking to understand why and how to resolve.

nayelyz · November 25, 2024, 6:10pm

Hi, @rst11
This is weird. You should be redirected to the “redirect URI” you defined in your app’s configuration, along with the authorization code as the query parameter. Have you checked if you receive that request on your server?

I haven’t seen this flow redirecting to the installedapp endpoint.

rst11 · November 26, 2024, 9:47pm

Hi @nayelyz . does this mean the &redirect_url= specified on the url the client is being directed to is completely ignored? can i remove it so not to cause confusion.

Are there any logs that i can view that will explain why the there is no call to the url specified on the application registration?

can you explain what you mean by:
>> I haven’t seen this flow redirecting to the installedapp endpoint.

many thanks

nayelyz · November 26, 2024, 10:00pm

No, it is used, but it must match the redirect URI you defined in your app’s configuration. Both must be present.

Not directly, but you can test first if your URL passes this SSL test: SSL Server Test (Powered by Qualys SSL Labs)
If not, that could be the reason why no request reaches your server.

This URL you shared it’s similar to the installedapp endpoint of the API: API | Developer Documentation | SmartThings
So, I just was wondering why it was redirected there.

If the URL passes the test, we would need your help by replicating the issue and providing this information:

App ID
Timestamp of when you tried to authorize your app including your timezone. For example: 14:00 GMT-6

rst11 · November 29, 2024, 4:08pm

Hi @nayleyz. My app https address and certiciate all pass. How can i privately send you the details you have asked for?

nayelyz · November 29, 2024, 4:26pm

Hi, @rst11, you can send me a direct message in this forum or an email to build@smartthings.com.

rst11 · November 29, 2024, 6:42pm

Hi Nayelyz. I have sent you a message. Thanks!

Topic		Replies	Views
'redirect_uri' could not be validated Support	1	857	February 5, 2021
Error: "redirect_uri could not be validated" During Login for Automation Project with Webhook Support oauth	7	96	September 12, 2024
Oauth2 redirect_uri not being called SmartApps & Automations smartapp	1	876	April 8, 2016
OAuth 2.0 flow? Writing SmartApps oauth	7	2416	August 17, 2019
OAuth Authorization issue. Invalid Query Parameters - ?error=server_error& Writing SmartApps	1	331	January 13, 2024

404 error=invalid_request&error_description=The+request+is+malformed

Related topics