OAuth Redirect URI issues. #691
Comments
|
Hello, Thank you for reaching out and conveying this concern. It appears you have also logged a case with the Developer Support team regarding this issue. The error has been reported to the engineering team and it is being looked into. In the meanwhile, please provide us with requested information via the support case opened for further investigation. |
|
Hello, The login and redirect URL are both mandatory fields to be filled in the form. If only one field is completed and the form is saved, it does not give an error, but it does not save the changes made to the form. Can you please confirm that you are able to save the form with changes after filling out both the fields? Please note only https links are valid for login and redirect URIs. |
|
@ShivikaK I can confirm I was able to save once adding both parameters, this did not work the other day but it is now. As you said, if only trying to add one it does not give an error and appears to save rather than letting the user know what to do and not allowing it to save, which I believe should be the default functionality. However, there is nowhere in the documentation nor on the seller central SP-API authorization developer page itself which refers to what is supposed to go in the "OAuth Login URI". In the SP-API docs it simply says "Follow the instructions to register your application." However, when registering your application there are actually no instructions to follow. Please correct me if I'm wrong. The redirect is def more obvious for a seasoned developer but will not be for others, so at least an info tooltip which says what should go in both of these would be great. As for the "OAuth Login URI" I'm guessing that you want this provided so you can check to see if the request is coming from the proper host, so I added my top level domain there and everything seems to work. However, it is called an "OAuth LOGIN URI" which makes it even more confusing, since there is not any actual logging in that happens if you are indeed just using this to check that the request is coming from the proper host. Maybe there is some overlap here between the "Marketplace Appstore Workflow" and the "Website workflow" that I'm not aware of but from what I'm reading there is no clear indication on what should go in the "OAuth Login URI". So should I put the login to my app here (which would make no sense)? Or maybe you mean the URI from which the login redirect to Seller Central happens. Again, just confusing. Maybe it's just me, in which event I will gladly accept. Lastly, you mentioned it's possible to add a redirect to localhost as long as it is https. It is not possible. Please see the attached screenshot. If you plan to make it possible and the "OAuth Login URI" is actually used to confirm which host it's coming from it would be nice to be able to add multiple "OAuth Login URI" for all available staging environments. I had to take an hour to redirect my localhost to a fake uri locally and then setup new certs, a nginx server to handle the redirects and everything for https which I haven't had to do in a long time since most major websites offer the functionality I'm referring to. Thanks much for you hard work guys. Appreciate it a ton, I know you've got tons on your plate right now.
|
|
Thank you for confirming the same. The engineering team will be adding validation messages on saving the form if only one of the fields are filled and other is left empty. The form will also be updated soon with info tooltips to help understand what is expected for login and redirect URIs fields when filling out the form. To give a more elaborate description for the two, login URI is the the URI for login page of your website. This is displayed after a seller consents your application as described in "Marketplace Appstore workflow" section - Step 2. The seller consents to authorize your application. The redirect URI is to redirect the seller to your application which is loaded into the browser as per Step 3. The seller signs into your website Hope this makes it more clear regarding the usage of providing login and redirect URIs for now. |
|
@ShivikaK Yup, makes perfect sense. So there is some overlap between Marketplace and Website workflows for authorizing your SP-API app. I am using the website route which is why I didn't see that in the docs. Great to hear you guys are making updates to make it all more clear. Would really love to be able to add https://localhost to both URIs. As well as multiple OAuth Login URIs so a nice multi stage dev - prod environment could be setup much easier. Thanks again for the fast responses. |
We'd love this as well! P.S. Just as @charliecode I'd also like to say thank you to everyone at Amazon. So thank you for your hard work on realizing this API and working with developers to further improve it and its documentation. Much appreciated! |
|
Why can multiple redirect URI's be entered? How would Amazon know which to redirect too? I ask because it might be nice to set up different redirect URI's per region. I'm thinking the only way to know which region the seller was trying to approve would be to associate the region with the generated state parameter (uuid). |
|
@scrussell24 There are multiple ways Amazon could know which redirect URI to use. It's quite normal for large API's to offer multiple redirects for a majority of use cases. A few of us would like to see them added for CI/CD - staging reasons. The reason this is all confusing is because for the time being, there is some overlap between the "Marketplace Appstore workflow" and the "Website workflow". The Appstore workflow has you add the redirect URI directly into the URL. Pay attention to step 3. @ShivikaK also said the reason there is an "OAuth Login URI" is related to the "Appstore workflow" and not the "Website workflow". So, things are a little unclear at the moment but as is stated in the comments above, the dev team is taking care of making it more understandable. It would definitely be nice if there could be more separation between the two workflow's when setting things up. They also have the issue of a missing "Cancel" button (#29) and how that redirect will work once it is in fact available as it's stated to be in the docs. |
|
Hello, As of now the localhost URLs cannot be used in Oauth URL fields as Amazon won't be able to respond/connect to localhost based Oauth RedirectUrl. |
|
Hi all, Thanks for the healthy discussion. Our engineering team has heard this feedback loud and clear, and has added an item to our backlog to address it. Best regards, |
|
@pprbhm please don't close issues without providing a reason why an issue is closed (e.g. a reason why a request is rejected, an issue is invalid, or a reference to a merged PR). This will help everyone involved in the discussion as well as future readers. In this case, is localhost now supported as a valid callback URL? |
|
Hello, |
|
I agree 100% with @p-prins on this one. Hoping this was an oversight? Last time we heard an official response on this was almost 3 months ago, we were told it was put on a backlog. Why has the issue been closed when the issue has not been fixed? Is it still on the backlog or will it no longer be implemented? And why was the conversion locked when @p-prins request was done respectfully and he has a valid point? |
|
Hello, |
|
Hi, After adding Redirect and Login URL, application condition is Eraser what is means? |
|
Closing this issue as the original issue was fixed and the rest of the requested functionality is being and can be addressed in #923. In particular the documentation being updated to show the redirect_uri can be added to the OAuth uri so multiple stages for CI/CD and local development can be handled. Only thing left would be adding the ability to save localhost as an OAuth uri for local development as it's super easy. However this not 100% necessary as a more professional route which could be used across development applications would be for the dev to add an additional mapping to their localhost (127.0.0.1) via their hosts file and have it map to a fake local url the dev makes up such as https://dev.app.com, said url would be listened to on 443 via a local running https nginx server which would forward all requests to the devs local development client or alternatively use a service like ngrok as a means to redirect to your local development client. This negates the use of adding localhost as an OAuth redirect uri as Amazon will accept a non registered local running url so long as it supports https. Lastly, the locally running browsers client code will automatically take care of the rest. |
|
The fields for entering the login and redirect URLs do not appear. I believe this is the reason why I am getting the following error during the authorization process that we are developing.
|
Same problem here. We are awaiting news from Seller Central's support. |
|
Has anyone found a solution? |
When registering an application I am unable to add an OAuth Redirect URI, after clicking save they never actual save. Therefore after a user approves the developer, there is no redirect to our website. It's allowing my URI such as https://example.com/sp-api-auth but not actually saving it.
Also, you are not able to add a redirect URI for local development. It will not allow http://localhost:4200/sp-api-auth or the like. This is an inconvenience and not friendly to quick development.
The text was updated successfully, but these errors were encountered: