Redirect URL restrictions

Hi there,
This is Caner from LightingControl Company.

We have an issue with the redirect URL field while using OAuth2. We know that we can restrict the redirect URL by putting a URL here directly. But in our case, we don’t want to restrict any endpoint, because our endpoint can change from request to request. Sometimes, like in the picture, the URL might be 192.168.10.32, sometimes 192.168.10.57. There is no limit there.

Therefore, we want to use it without restricting any URL. Your documentation says that, in order to do that, “you can leave that field empty”.

Although I tried this many times, it didn’t work for me. I think there is an issue.

Could you help me?

Thanks a lot in advance.

I will be waiting for your response.

Best regards.

Please remove your sensitive API details. Even the “censored” redirect URL is fully readable.

Hi!

It seems that you are using outdated documentation. I couldn’t find what you’re referring to in our current API documentation. Could you send me the link to the version you’ve referred to?

It is possible to define multiple redirect URLs via the API or via Nuki Web > Menu > API > OAuth 2 Redirect URL. You can add several URIs as comma-separated values. (Be careful: start the next value directly after the comma; put no space character after it.)
But our current implementation doesn’t allow wildcard/dynamic URIs.

Best regards,
Orsolya

Hi Orsolya,

Thanks for your response. In the documentation which I downloaded from the “Nuki Developer Documents - Nuki Developers” link on 11 June 2022, it indicated that you can allow every URL by leaving the Redirect URL field empty.

But when I look at the current documentation, I suppose that the documentation has been updated. Like you, I cannot find that statement.
In that case, a dynamic URL structure is not allowed by you, and the Redirect URL has to be set for all URLs which we will use in our system. Please correct me if I am wrong.

A dynamic URL structure is crucial for us because, as I mentioned in the first comment, we might have approximately 100 URLs or more in the future. In that case, defining all URLs in the field will be so difficult and impossible to maintain. If there is any solution, I kindly ask you to share it with us.

Hi again @Orsolya ,

My other question is: is there any way to update the redirect URL field automatically through an API endpoint? This would work for us as well. If we can do that, we will be able to overcome the dynamic redirect URL problem.

Thanks a lot.

Since this is about restrictions: is it allowed to have localhost as a redirect URI?
This comment and the responses on the documentation page certainly suggest so: Web API Authentication - #4 by rvfx
Yet when I try it, I get the error:
The 'redirect_uri' parameter does not match any of the OAuth 2.0 Client's pre-registered redirect urls.
The localhost URL is present in the Web interface settings, even after reloading the page.
Other URLs work just fine, but it’s a pain to update the dev server every time I want to test new code.

Hi!

Yes, you can update the redirect URL field by API via https://api.nuki.io/#/ApiKey/ApiKeyResource_post_post

Best regards,
Orsolya

Hi!

Yes, it’s allowed to use localhost as a redirect URI.
Could you please contact support and send your Web account’s email address, so that we can have a look at why you get the error?

Best regards,
Orsolya

I think I figured it out:
Any URL with an unknown top level domain just doesn’t work. So URLs with only one part of the domain fail automatically.

https://localhost:80 → fails
https://localhost.com:80 → works
https://foobar/auth → fails
https://foobar.anything/auth → fails
https://foobar.io/auth → works

There’s some weird URL parsing going on at your servers.
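
An offline pre-flight check for the comma-separated redirect URL field discussed in this thread, added here as an example and not part of any post or of Nuki's code. It assumes the server compares `redirect_uri` by exact string match against each registered entry; the single-label host warning reflects only the observation reported in the last post, and the function names and sample values are constructed.

```python
from urllib.parse import urlsplit


def audit_redirect_field(field: str) -> list[tuple[str, str]]:
    """Return (entry, issue) pairs for a comma-separated redirect URL field."""
    findings = []
    for raw in field.split(","):
        entry = raw.strip()
        if raw != entry:
            findings.append((raw, "whitespace around entry (no space after the comma)"))
        if not entry:
            findings.append((raw, "empty entry"))
            continue
        if "*" in entry:
            findings.append((raw, "wildcard: dynamic URIs are not supported"))
        parts = urlsplit(entry)
        host = parts.hostname or ""
        if parts.scheme not in ("http", "https") or not host:
            findings.append((raw, "not an absolute http(s) URL"))
        elif "." not in host:
            # Assumption taken from the last post: single-label hosts were rejected.
            # Unknown TLDs (also reported there) cannot be checked offline.
            findings.append((raw, "single-label host (reported to fail in this thread)"))
    return findings


def is_registered(field: str, redirect_uri: str) -> bool:
    """Assumed server behaviour: exact string match, no trimming or normalising."""
    return redirect_uri in field.split(",")


# Constructed sample field: one stray space, one wildcard, two clean entries.
SAMPLE_FIELD = ("https://app.example.com/cb, https://localhost:80,"
                "https://192.168.10.*/cb,https://foobar.io/auth")

if __name__ == "__main__":
    for entry, issue in audit_redirect_field(SAMPLE_FIELD):
        print(f"{entry!r}: {issue}")
    print(is_registered(SAMPLE_FIELD, "https://foobar.io/auth"))
```

Under the exact-match assumption, the entry saved with a leading space never matches the `redirect_uri` the client actually sends, which produces the same "does not match any of the pre-registered redirect urls" error even though the URL appears in the settings page.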