Re: OAuth 2.0: Incorrect Authorization Flow

1785 0
Showing results for 
Search instead for 
Did you mean: 
5 - Automation Enthusiast
5 - Automation Enthusiast

Reproduction Steps:

  1. Generate the endpoint with the expected query string parameters specified in the authorization reference
  2. Open an incognito browser window (In my case I used Google Chrome 64-bit Version 87.0.4280.141 on Windows) and paste the link in step 1.
  3. You are taken to a login prompt as expected
  4. Enter your email, and you are then moved to a "Verify it's you" security prompt, complete the actionsashtontito_1-1671053998155.png


  5. You are then taken back to the login prompt where you can enter your passwordashtontito_2-1671054099391.png
  6. After entering your password, you are then redirected to the home page of the account you logged intoashtontito_3-1671054203463.png


  7. In order to continue with the authorization workflow, you have to re-enter the authorization URL generated in Step 1 into the same browser window session, which then takes you to the page to verify/accept scopes and access of your OAuth 2.0 applicationashtontito_4-1671054347391.png


  8. Then you are redirected back to the specified redirect URI where you can complete the flow required to get an access token.


In Step 6, you should immediately be sent to the page that asks you to verify/accept scopes of your OAuth 2.0 application, instead of just taking the user to the home page of their Airtable account. The current behaviour causes problems for implementations/consumers of Airtable OAuth 2.0 that expect to be able to complete the authorization flow by only initiating the request in Step 1 once.

10 Replies 10
4 - Data Explorer
4 - Data Explorer

@Emma_Yeap Was testing Airtable API by following the instruction provided inside the documentation.However, while performing oAuth2, I always encounter this error This third-party app failed to properly construct a request to Airtable: failed to include a redirect_uri in the request 

I still got the same error despite including the redirect URL along with the request.