FusionAuth
    • Home
    • Categories
    • Recent
    • Popular
    • Pricing
    • Contact us
    • Docs
    • Login

    Users cannot accept invitation, redirect_uri missing

    Scheduled Pinned Locked Moved
    Q&A
    0
    3
    867
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • N
      nick
      last edited by

      Hi, when I invite a new user, the user gets the "Setup password" email.

      When they click the link, they get the following error:

      {
      "error" : "invalid_request",
      "error_description" : "The request is missing a required parameter: redirect_uri",
      "error_reason" : "missing_redirect_uri"
      }

      The URL does have the client_id in it, however. Shouldn't FusionAuth be able to set the correct request_uri from the client/application configuration?

      Thanks,

      Nick

      1 Reply Last reply Reply Quote 1
      • danD
        dan
        last edited by

        This typically means that the link the user is clicking on in the 'setup password' email doesn't have a url encoded redirect_uri on it.

        Can you share the link in the 'setup password' email?

        Thanks!

        --
        FusionAuth - Auth for devs, built by devs.
        https://fusionauth.io

        1 Reply Last reply Reply Quote 1
        • N
          nathan
          last edited by nathan

          I have encountered this error and managed to work out the following steps to get things working

          FWIW I think this issue is the same as https://fusionauth.io/community/forum/topic/1098/registration-question-sendsetpassword-flow/7

          I get the above error using the default Setup Password template which contains link with template http://localhost:9011/password/change/${changePasswordId}?client_id=${(application.oauthConfiguration.clientId)!''}&tenantId=${user.tenantId}

          If I add redirect_uri=http://localhost:3000 then I end up being redirected to http://localhost:3000?error=invalid_request&error_reason=missing_response_type&error_description=The+request+is+missing+a+required+parameter:+response_type without ever setting a password.

          Once I add response_type=code I now get to be able to set the password.

          It looks like the /password/change endpoint actually jumps into the OIDC/OAuth flow after the password is set and my redirect URL gets a code (which I assume can be exchanged for a token), however as I am using ASP.NET 5 & the OpenIdConnect extensions the state parameter contains encrypted data that must be supplied so I have found it best to ignore the code and simply trigger the OIDC challenge which causes a redirect back to FusionAuth (with required state) which immediately redirects back to my API (as there is an open SSO session) and my login is complete.

          It would be good if there was some documentation about the /password/change endpoint.

          (I would also be open to suggestions about how I can cleanup the redirect magic I need to do to get this all working with ASP.NET but I realise that is probably out of scope of this question!)

          1 Reply Last reply Reply Quote 1
          • First post
            Last post