> All redirect URI's used by an app need to be listed in the Valid OAuth redirect URIs list in the app's Login Settings in order to be used in our OAuth flow. However, there have been two exceptions to this rule. The first exception is that apps with an empty list of Valid OAuth redirect URIs were grandfathered into being allowed to receive tokens on any endpoint on their domain. The second exception is that redirect URIs are allowed to "prefix match", meaning any URI that is prefixed by a URI on the list of Valid Oauth URIs would be valid.
For us, the base URI for the FB Oauth redirect flow is always the same, but the querystring params include some special information (namely, a key value pair that tells us where to redirect the user after the successful FB login).
1 comment
[ 5.3 ms ] story [ 14.1 ms ] threadFor us, the base URI for the FB Oauth redirect flow is always the same, but the querystring params include some special information (namely, a key value pair that tells us where to redirect the user after the successful FB login).
Now I guess we'll have to change our approach.
Not sure why querystring params aren't OK.