I need some insight into why I’m getting this error message. The message itself isn’t helpful; there are no log entries in the Developer Workspace that might shed light on why SmartThings gives this message; there are no community postings that I can find that help.
I’ve done the following:
Created a new SmartApp in the Developer Workspace
Confirmed it successfully by receiving a POST from SmartThings to the Hosting URL and doing a GET to the confirmationUrl provided in that POST
Received my client ID and client secret code
Sent a request for an authorization code to the SmartThings OAuth server (including the client ID, and a redirect URL): https://api[dot]smartthings[dot]com/oauth/authorize?client_id=&response_type=code&scope=&redirect_uri=<my redirect URL). The parameters are all URI-encoded.
The SmartThings server opens the SmartThings app, and displays that mystifying error message (“‘redirect_uri’ could not be validated”; screenshot below)
I’ve tried specifying a list of scopes, and an empty scope, and no scope parameters; all give the same error. I’ve tried with and without a “state” parameter; same error. I don’t understand what it’s trying to validate.
Thanks in advance for any help. It would be very much appreciated.
I am a bit confused. Steps 1 to 3 look like the process for creating a Webhook SmartApp (what they call an Automation in the Developer Workspace). Then in step 4 it seems to have morphed into an API_ONLY OAUTH2 app which can’t be created in the Developer Workspace.
Indeed, Graham and Andreas are right. We cannot combine the flows of a SmartApp and OAuth (API access) App.
There was someone with the same issue as yours and he observed the redirect URI when using the SmartApp is different than what you define in the Developer Workspace, I’ll include it here as a reference: https://api.smartthings.com/installedapp?error=invalid_request&error_description=The+request+is+malformed
So, it will never work. The post shared by @Andreas_Roedl has instructions to create this kind of app through the API. Please let me know if you have any questions.
I’d seen some posts & documentation that implied that there were distinct app types, but couldn’t find clear (to me, anyway) documentation for that. The OAuth Integration Documentation uses the term “SmartApp” extensively, as does the Developer Workspace and its documentation… but without clarifying the different types.
But you’ve given me some good direction now; thanks again.
