I’m about to integrate a nuki smartlock into our application. In the application multiple users can have a smart lock which can be opened via the API, so the authorization needs to happen for every user, as each user will have its own account and keep full permission of the nuki account.
Therefore, I have taken a look at the Oauth exampels and especially the “Code Flow” OAuth 2 Authentication Example" section. While testing I have realized that the callback url for the authentication and the callback url in the api setting of the account have to exactly match. Is that right?
My problem is that I have to extend the callback url with some query params, so I know the context (e.g. to which users this is connected) when the callback url is called after the login. How can I achieve that or is that not possible?
The callback URL has to exactly match.
For the dynamic queries in the URL, I will need to check with the developers and come back to you, unless somebody in the forum has already tried this out.
Sorry for the delay to check and get back to you - the redirect URI must be static for security reasons. Hence, there is no workaround.
The only thing which is possible, to encode some thing in the “state” parameter.