Authorization Callback Domain stuck in "Application settings"

Can you give us more information what you are trying to do and what “Application settings” you mean?

Hi Jan ! Sure ! 

I did developed the app in test environment, then moved to prod.
For this, I’ve changed the Authorization Callback Domain, in the screen below, to the prod domain, but keep getting a bad request, redirect_uri invalid

Right Now, it’s configured to the prod domain, which doesn’t work (the change was last sunday, 3 days ago). But, the dev env is still working, so internally it must be set to the old value.

How can I change that effectivelly ? or better, have 2 domains to faciilitate testing and deploying ?

Thanks

That means a user trying to authorize your app gets this error? The callback domain is part of the URL in the authorization dialog, you can check what is used there: 

Yes, I got this error when trying to authorize in the production env.

The weird thing is, the domain NOW at the config is the PRODUCTION, that doesn’t work. But works on dev domain, that is different from the configured !

I can’t remember what the mentioned config is good for, but the authorization URL is one you build yourself in your application and does not use this config. 

Have you verified the callback domain is the same as the redirect URI’s you’re using (check your request logs if there is such a thing)?
Also do you have any kind of redirect within your server that basically redirects your proddomain to devdomain, for whatever reason?

Some sort of authentication on your side perhaps you’re not setting properly (Just replied to another topic yesterday which turned out to be strava hit their redirect uri but that got rejected by their side due to authentication missing).

Sure, but it has to match to this config.


One more info, I’m still ‘alone’, I mean, I still didn’t get approval from strava for this app.

Not sure there’s any approval at all. I created an app without review, I’ve changed the domain 7-8 times already between localhost and postman’s and all it took was to hit Save.

Ouch ! Understood. I need to solve this :).
The mistery is right now the domain in strava is the prod one, and I’m testing dev domains… and prod domain is not authorized when I try...

If redirect_uri is on the same domain as the one in the application settings, then maybe the problem is on the redirect_uri itself, or the authentication on the prod domain.

You could remove authentication for a minute, check you are getting the request and if you do, then it’s an authentication issue, if you don’t, then the redirect_uri is wrong, or it’s being re-redirected somehow and the whole thing fails.

How to remove it at strava side ?

Not talking about removing authentication on Strava’s side, but yours….your domain’s/server’s.

Ok, I’ll check as soon as I get to the prod env and get back here.
Thanks guys !

Another possiblity that I remembered is your server’s expected protocol. Check for typo in your redirect uri against what your server expects. Also internally sometimes, servers have config to upgrade http to https, which basically redirects to https. If yours hasn’t got it, it expects https and you hit http, then it will fail.

Also, as mentioned here, check whether your production has Cloudflare behind it...another layer of issues right there.