Users cannot accept invitation, redirect_uri missing
-
Hi, when I invite a new user, the user gets the "Setup password" email.
When they click the link, they get the following error:
{
"error" : "invalid_request",
"error_description" : "The request is missing a required parameter: redirect_uri",
"error_reason" : "missing_redirect_uri"
}
The URL does have the client_id in it, however. Shouldn't FusionAuth be able to set the correct request_uri from the client/application configuration?
Thanks,
Nick
-
This typically means that the link the user is clicking on in the 'setup password' email doesn't have a url encoded redirect_uri on it.
Can you share the link in the 'setup password' email?
Thanks!
-
I have encountered this error and managed to work out the following steps to get things working.
FWIW I think this issue is the same as https://fusionauth.io/community/forum/topic/1098/registration-question-sendsetpassword-flow/7
I get the above error using the default Setup Password template, which contains a link with the template http://localhost:9011/password/change/${changePasswordId}?client_id=${(application.oauthConfiguration.clientId)!''}&tenantId=${user.tenantId}
If I add redirect_uri=http://localhost:3000 then I end up being redirected to http://localhost:3000?error=invalid_request&error_reason=missing_response_type&error_description=The+request+is+missing+a+required+parameter:+response_type without ever setting a password.
Once I add response_type=code I now get to be able to set the password.
It looks like the /password/change endpoint actually jumps into the OIDC/OAuth flow after the password is set and my redirect URL gets a code (which I assume can be exchanged for a token). However, as I am using ASP.NET 5 & the OpenIdConnect extensions, the state parameter contains encrypted data that must be supplied, so I have found it best to ignore the code and simply trigger the OIDC challenge, which causes a redirect back to FusionAuth (with required state), which immediately redirects back to my API (as there is an open SSO session), and my login is complete.
It would be good if there was some documentation about the /password/change endpoint.
(I would also be open to suggestions about how I can clean up the redirect magic I need to do to get this all working with ASP.NET, but I realise that is probably out of scope of this question!)
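An added example (not part of the thread and not FusionAuth code): a Python check that can be run against a rendered setup-password link before the template goes live, based on the parameters the posts above found were needed. The function names, the sample IDs and the exact-match allow-list of redirect URLs are assumptions made for illustration.

```python
from urllib.parse import parse_qs, quote, unquote, urlencode, urlsplit

# Parameters the thread found the /password/change link needed.
REQUIRED = ("client_id", "redirect_uri", "response_type")


def build_setup_link(base, change_password_id, client_id, tenant_id, redirect_uri):
    """Build the e-mail link with every query value percent-encoded."""
    query = urlencode(
        {
            "client_id": client_id,
            "tenantId": tenant_id,
            "redirect_uri": redirect_uri,
            "response_type": "code",
        },
        quote_via=quote,  # urlencode passes safe='' so ':' and '/' are encoded
    )
    return f"{base}/password/change/{quote(change_password_id, safe='')}?{query}"


def check_setup_link(link, allowed_redirects):
    """Return a list of problems in a rendered setup-password link."""
    query = urlsplit(link).query
    # parse_qs drops empty values, so a client_id rendered as '' counts as missing.
    decoded = {k: v[0] for k, v in parse_qs(query).items()}
    raw = dict(pair.partition("=")[::2] for pair in query.split("&") if pair)
    problems = [f"missing {name}" for name in REQUIRED if not decoded.get(name)]
    redirect = decoded.get("redirect_uri")
    if redirect:
        if raw["redirect_uri"] != quote(unquote(raw["redirect_uri"]), safe=""):
            problems.append("redirect_uri is not percent-encoded")
        if redirect not in allowed_redirects:  # assumed exact-match allow-list
            problems.append("redirect_uri is not an allowed redirect URL")
    return problems


# Constructed sample values; the host names are the ones used in the thread.
ALLOWED = {"http://localhost:3000"}
DEFAULT_LINK = "http://localhost:9011/password/change/SAMPLE-ID?client_id=&tenantId=t-1"
GOOD_LINK = build_setup_link(
    "http://localhost:9011", "SAMPLE-ID", "sample-client", "t-1", "http://localhost:3000"
)

if __name__ == "__main__":
    print(check_setup_link(DEFAULT_LINK, ALLOWED))
    print(check_setup_link(GOOD_LINK, ALLOWED))
```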