Authorization Callback Domain stuck in "Application settings"

Can you give us more information what you are trying to do and what “Application settings” you mean?

Hi Jan ! Sure ! 

I did developed the app in test environment, then moved to prod.
For this, I’ve changed the Authorization Callback Domain, in the screen below, to the prod domain, but keep getting a bad request, redirect_uri invalid

Right Now, it’s configured to the prod domain, which doesn’t work (the change was last sunday, 3 days ago). But, the dev env is still working, so internally it must be set to the old value.

How can I change that effectivelly ? or better, have 2 domains to faciilitate testing and deploying ?

Thanks

That means a user trying to authorize your app gets this error? The callback domain is part of the URL in the authorization dialog, you can check what is used there: 

Yes, I got this error when trying to authorize in the production env.

The weird thing is, the domain NOW at the config is the PRODUCTION, that doesn’t work. But works on dev domain, that is different from the configured !

I can’t remember what the mentioned config is good for, but the authorization URL is one you build yourself in your application and does not use this config. 

Have you verified the callback domain is the same as the redirect URI’s you’re using (check your request logs if there is such a thing)?
Also do you have any kind of redirect within your server that basically redirects your proddomain to devdomain, for whatever reason?

Some sort of authentication on your side perhaps you’re not setting properly (Just replied to another topic yesterday which turned out to be strava hit their redirect uri but that got rejected by their side due to authentication missing).

Sure, but it has to match to this config.


One more info, I’m still ‘alone’, I mean, I still didn’t get approval from strava for this app.

Not sure there’s any approval at all. I created an app without review, I’ve changed the domain 7-8 times already between localhost and postman’s and all it took was to hit Save.

Ouch ! Understood. I need to solve this :).
The mistery is right now the domain in strava is the prod one, and I’m testing dev domains… and prod domain is not authorized when I try...

If redirect_uri is on the same domain as the one in the application settings, then maybe the problem is on the redirect_uri itself, or the authentication on the prod domain.

You could remove authentication for a minute, check you are getting the request and if you do, then it’s an authentication issue, if you don’t, then the redirect_uri is wrong, or it’s being re-redirected somehow and the whole thing fails.

How to remove it at strava side ?

Not talking about removing authentication on Strava’s side, but yours….your domain’s/server’s.

Ok, I’ll check as soon as I get to the prod env and get back here.
Thanks guys !

Another possiblity that I remembered is your server’s expected protocol. Check for typo in your redirect uri against what your server expects. Also internally sometimes, servers have config to upgrade http to https, which basically redirects to https. If yours hasn’t got it, it expects https and you hit http, then it will fail.

Also, as mentioned here, check whether your production has Cloudflare behind it...another layer of issues right there.

Thanks ​@npatch  !
Seem there is some glicth updating the domain at strava config.
Current config:

 

Then, when hit the connect button, URL is

https://www.strava.com/oauth/authorize?client_id=204084&redirect_uri=https%3A%2F%2F6a9a77d0-62ee-49e8-88a8-360a277bc6f9-00-n2z1zq4hqzad.janeway.replit.dev%2Fapi%2Fstrava%2Fcallback&response_type=code&scope=read%2Cactivity%3Aread_all&approval_prompt=force

 

Thanks ​@npatch  !


Putting some new data.

Current strava setting:
 

URL where I’m trying to authenticate with the strava connect button

 

Result when trying to connect to strava (click on button):

URL: https://www.strava.com/oauth/authorize?client_id=204084&redirect_uri=https%3A%2F%2F6a9a77d0-62ee-49e8-88a8-360a277bc6f9-00-n2z1zq4hqzad.janeway.replit.dev%2Fapi%2Fstrava%2Fcallback&response_type=code&scope=read%2Cactivity%3Aread_all&approval_prompt=force

Result:

PS.: I tried to submmit before but got an error. Posting again.
 

Are you sure it’s properly deployed? I hit the url (just the website url, no params) and got a 503 and the site is showing a “The app is currently not running. Deploy this app to keep it running externally.” If I can’t hit the url, Strava can’t too.

Another thing , although I’m not sure about this, is url encoding might be creating issues. I did have some in Postman with it, especially for scopes.

Hi !

I unpublish the app due to this problemas AND i’ll not be able to work on it this week. Also, I’m still waiting strava aproval for it.

I’ll be back later, many thanks !

To my understanding, approval is only needed for rate limits being raised because you expect multiple users. That doesn’t mean you need approval to make sure the app works. Or, at the very least, I’ve gone through the docs and haven’t found anything else to contradict this point. For me, your problem right now seems to be publishing your app properly.