Hi, I am implementing the OAuth2 part of my SmartApp and the authorize step directs to error=invalid_request&error_description=The+request+is+malformed.
Hi, @rst11
This is weird. You should be redirected to the “redirect URI” you defined in your app’s configuration, along with the authorization code as the query parameter. Have you checked if you receive that request on your server?
I haven’t seen this flow redirecting to the installedapp endpoint.
Hi @nayelyz. Does this mean the &redirect_url= specified on the URL the client is being directed to is completely ignored? Can I remove it so as not to cause confusion?
Are there any logs that I can view that will explain why there is no call to the URL specified on the application registration?
Can you explain what you mean by: >> I haven’t seen this flow redirecting to the installedapp endpoint.
No, it is used, but it must match the redirect URI you defined in your app’s configuration. Both must be present.
Not directly, but you can test first if your URL passes this SSL test: SSL Server Test (Powered by Qualys SSL Labs)
If not, that could be the reason why no request reaches your server.
This URL you shared is similar to the installedapp endpoint of the API: API | Developer Documentation | SmartThings
So, I just was wondering why it was redirected there.
If the URL passes the test, we would need your help by replicating the issue and providing this information:
App ID
Timestamp of when you tried to authorize your app including your timezone. For example: 14:00 GMT-6
Something I have observed is that using the CLI command smartthings apps:oauth:generate (at least I think it was that one) results in a spurious https://apps.smartthings.com/installedapp/ being added as the first entry in the redirectUris array. There is still no obvious reason why it should be used instead of the specified one but I’ve had it happen.
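A pre-flight check for the points raised so far in this thread (the redirect URI sent must be present and match a registered one, and an unexpected installedapp entry may sit in redirectUris), as an added example that is not from any poster or from SmartThings. The function name, hosts and client ID are hypothetical placeholders, and exact string matching of the redirect URI is an assumption.

```python
from urllib.parse import urlsplit, parse_qs

# Entry one poster reported being added unasked as the first redirectUris item.
SPURIOUS_ENTRY = "https://apps.smartthings.com/installedapp/"
REQUIRED = ("response_type", "client_id", "redirect_uri")


def check_authorize_url(authorize_url, registered_uris):
    """Return a list of findings; an empty list means the request looks consistent."""
    findings = []
    params = parse_qs(urlsplit(authorize_url).query, keep_blank_values=True)

    for name in REQUIRED:
        values = params.get(name, [])
        if len(values) != 1 or not values[0]:
            findings.append(f"{name}: need exactly one non-empty value, found {len(values)}")

    # RFC 6749 tells servers to ignore unrecognised parameters, so a
    # near-miss name goes unnoticed and redirect_uri counts as absent.
    for name in params:
        if name not in REQUIRED and name.replace("_", "").startswith("redirect"):
            findings.append(f"{name}: not a recognised parameter, did you mean redirect_uri?")

    sent = params.get("redirect_uri", [""])[0]
    if sent:
        if urlsplit(sent).scheme != "https":
            findings.append("redirect_uri: scheme is not https")
        # Exact string comparison: no prefix, case or trailing-slash leniency.
        if sent not in registered_uris:
            findings.append("redirect_uri: no exact match in registered redirectUris")

    if SPURIOUS_ENTRY in registered_uris and sent != SPURIOUS_ENTRY:
        findings.append("redirectUris contains the installedapp entry; remove it if unintended")
    return findings


# Constructed sample data: hosts, client ID and URLs are placeholders.
REGISTERED = [SPURIOUS_ENTRY, "https://example.test/oauth/callback"]
BASE = "https://auth.example.test/oauth/authorize?response_type=code&client_id=CLIENT_ID_PLACEHOLDER"

if __name__ == "__main__":
    for url in (
        BASE + "&redirect_uri=https%3A%2F%2Fexample.test%2Foauth%2Fcallback",
        BASE + "&redirect_url=https%3A%2F%2Fexample.test%2Foauth%2Fcallback",
        BASE + "&redirect_uri=https%3A%2F%2Fexample.test%2Foauth%2Fcallback%2F",
    ):
        print(url.split("&", 2)[-1], "->", check_authorize_url(url, REGISTERED) or "ok")
```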
I do not use this command. I create the app via Postman and I’ve defined my REDIRECT_URI in the body. If the URI were incorrect, I would receive an error in the response body stating that the REDIRECT_URI is invalid.
Then, you need to start the OAuth 2.0 process which consists of:
The Access Token you get expires in 24 hours.
The Refresh Token expires in 29 days if not used. We suggest you refresh the token before this time; otherwise, you’ll lose the Refresh token and the User will need to re-authorize.
NOTE: Remember the OAuth integration has a limit of 500 installations by default. Each time a user authorizes access to one of his/her locations, it will count as 1 installation. This means, if a user has 3 locations and authorizes access to each of them, he/she will use 3 installations.
To refresh the Access Token, you need to use the same endpoint but the grant_type is different, here’s an example about this: