'redirect_uri' could not be validated with python

Hey everyone, I am trying to connect with Smarthings App with Python. I have created a integeration app and verified it, Smartthings send me a confirmation_url where i confirm that url. and then i request for Auth with python request https://api.smartthings.com/v1/oauth/authorize?client_id=<my_client_id>&response_type=code&redirect_uri=<my_redirect_uri>&scope=r:devices:*
and it gives me ‘redirect_uri’ could not be validated , while i have already confirm the provided url by smartthings still my url is not validated. Please share your thoughts and possibilities for this issue.
Thanks in Advance

Tagging @nayelyz

1 Like

Is your redirect_uri value URL encoded? (Encoded ampersands, etc?)

Welcome to the SmartThings Community, @Asad_Irshad!

I’m confused, which project type did you select in the Developer Workspace? The confirmation_url is used for a SmartApp but this URL (https://api.smartthings.com/v1/oauth/authorize) is for another integration…

@TylerDurden thanks for your reply, i just made a webhook endpoint for the confirmation as def webhook(request): request_json = request.body.decode('utf8').replace("'", '"') response_data = json.loads(request_json) res = requests.get(response_data['confirmationData']['confirmationUrl']) return JsonResponse(data={"confirmation url verified successfully"},status=200,safe=False)

this method only confirming the url that is provided by the smartthings to register/verify app. After succesfull confirmation it keeps giving me response of redirect_uri is not validated

@nayelyz thanks for your reply, i am trying to get registered devices for that specific account, can you refer me how can i achieve this with python?

To get the list of installed devices in your account, you can create a Personal Access Token and make REST requests to the SmartThings API. For example, this is a request to get the device’s list using Postman:

Endpoint URL: https://api.smartthings.com/v1/devices
You just need to replace xxxx-xxxx-... with the actual PAT.

@nayelyz thanks for you reply, really appreciated. Actually i want to achieve this as genenric auth. Like i don’t want to get PAT for each user i want my endpoint to do that automaticlly for me.
Suppose a user came to my platform and click an endpoint/link that endpoint should automatically completes the auth of the user and that endpoint should return us a token it could be PAT so we can then get the devices of the user.

ooh ok, got it. Well, a similar option is the OAuth Integration but there are two things:

  1. You must belong to an Organization so your request is approved
  2. Currently, new requests are not being accepted because the team is working on some improvements for it.

Also, SmartApps are for self-publish only, this means that if you want to share a SmartApp, each user would have to register it in the Developer Workspace and validate it as you did.

i have integerated this one but this gives me redirect_url is not validated even though i have created a webhook endpoint where i am recieving the response sent by the smartthings which includes

Signature keyId=“/pl/useast1/76-67-1f-db-9a-d5-d9-ce-15-32-7a-4-e7-1d-9e-6f-cf-27-6f-76”,signature=“mQFuH+AHU48kdJFg4n9pglIhY1PxP8D7n3hIWOg98y4jl5/ji+P21AxzRZdeq/XwI0DRQO3hdRiSZF0mMot9lpwuQfxPvxP1Rg0Dio4ZbPesTfB4LL4LvI3HSXf+ZeI/5qQwwlXFhxqtGn9o9LQa59hd1GUKbbG2O3ulbCrf9qMKbka6VJ4+ckVxt+J6YiVwl61TYZU0lEN27BJWpfwnqISJzyTNEyuSiupfvC5FLGS8TVdvbMMO0ODEMyAXLP3HkjPSm6B12yX46j/+fPMnAqrqtiNYvrtS02i+qES8Q/DDGDa1FNiIUXMhik0iujzCAMdYitIHeV9ZD1ue2NOyQ==”,headers=“(request-target) digest date”,algorithm=“rsa-sh256”

As you can see here confirmation url my endpoint is sending GET request on it and confirming the url as well. But still i got the redirect_url is not validated.

You created an app with the type “WEBHOOK_SMART_APP” through the API, right? I mean this endpoint:

If so, the URL you posted above isn’t valid, that’s only for the OAuth integration which is a different App type. It has two fields, one for the target URL (where you get SmartApp requests - subscriptions) and another one called redirect URI and the last one must match the one you send in the query parameter &redirect_uri=<my_redirect_uri>. That’s why you get the error, you don’t have two URL fields in a SmartApp registration.
You can check the SmartApp NodeJS SDK to get references on the authorization process there.

thanks @nayelyz for assistance. Let me check that again, will catch you up again if needed. :slight_smile:

1 Like

Hi community! I am facing the same issue (‘redirect_uri’ could not be validated) maybe coming from a different flow / parameters
here are the configuration items:


All the app details are filed, the Hosting Type is WebHooks and the url is actually triggered for the “CONFIRMATION” flow, for which the answer is sent manually thru a curl command

The flow starts by calling (all fields URI encoded)
https://api. smartthings.com/ oauth/ authorize?
client_id= &

in the form of a GET request (from a redirect after the url is constructed programmatically)

The page at OAuth Integrations | SmartThings Developers does not tell what the is the Authorization api that shall be called, neither it gives an accurate list of parameters to send

Any idea on what info / field is missing in the request, or what end point shall be called for this type of “app” or what type of “app” is required. My organization is approved from the page “My Page”.

Help will be appreciated as I believe I have exhausted all community posts related to this topic. Thanks!

Hi, @NoBSHomeAutomation

As you’re using a SmartApp instead of an OAuth integration project, you need to make the authorization accordingly, if you’re not using the SmartApp SDK, here are comments from other developers that have managed to authorize their SmartApps:

  1. SmartApp Webhook HTTP Signatures
  2. Building First SmartApp for Dummies

thanks for the quick response ! I will check these answers in details. How would my organization go about requesting a OAuth integration project ?

I’ll check with the team if the process has changed to see which path should we take and let you know. Just to get more info, is this a personal project or it will be for an official Company?