The provided value for the input parameter 'redirect_uri' is not valid

Damien Keitel picture Damien Keitel · Sep 27, 2012 · Viewed 16.1k times · Source

I keep receiving this error from windows live

The provided value for the input parameter 'redirect_uri' is not valid. The expected value is 'https://login.live.com/oauth20_desktop.srf' or a URL which matches the redirect

Why do I keep receiving this error. I have the domain set in the windows live developer app

in the <head> element I have

<script src="//js.live.net/v5.0/wl.js"></script>

just below the <body> element I have

  WL.init({
    client_id: '{S_AL_WL_CLIENT_ID}', //{S_AL_WL_CLIENT_ID} = phpbb template variable for client_id
    redirect_uri: '{AL_BOARD_URL}', //{AL_BOARD_URL} = phpbb template variable for the  urlencoded domain name
    response_type: 'token',
    scope: ["wl.signin", "wl.basic", "wl.birthday", "wl.emails", "wl.work_profile", "wl.postal_addresses"]
});

the login button is

    <div id="login">
        <a href="#"><img src="images/windows_live_connect.png" alt="Windows Live" /></a> 
    </div>

the listener

jQuery('#login a').click(function(e) 
{
    e.preventDefault();
            WL.login({
                scope: ["wl.signin", "wl.basic", "wl.birthday", "wl.emails", "wl.work_profile", "wl.postal_addresses"]
            }).then(function (response) 
            {
                //do something with stuff here. You know brainy type ajaxy stuff to auth a user
            },
            function (responseFailed) 
            {
                console.log("Error signing in: " + responseFailed.error_description);
            });

});

Answer

Damien Keitel picture Damien Keitel · Sep 27, 2012

The problem turned out that redirect_uri has to be exactly http://www.yourdomain.com and not http://yourdomain.com. So if a user inputs http://yourdomain.com then this error will show but if a user has http://www.yourdomain.com then the script works.

I think I have been very spoilt with the Facebook Api.

So in the end I just made a regex to match against any url using the login button and force it to be www with .htaccess.