OAuth2::Error when trying to login

[phoenixxxx]

Hi,

First of all, I apologize if this is not the right place to ask this question. Please let me know where to redirect my issue.

I am using this gem on a rails project and here is the error I keep getting
invalid_grant: Invalid redirect URI {"error":"invalid_grant","error_description":"Invalid redirect URI"}

It happens right after the user enters their Spotify credentials. I have followed the short instructions from the Readme file, and I frankly cannot seem to figure out what the issue is.

OAuth2::Error
invalid_grant: Invalid redirect URI {"error":"invalid_grant","error_description":"Invalid redirect URI"}
so I have made sure that "http://localhost:3000/auth/spotify/callback" is whitelisted in the spotify app

Here are a few debug prints
opts[:body]:

{"grant_type"=>"authorization_code", "code"=>"AQC-il1sCPz5JNcYAco6JDBYOD1NMWDD1CRb724heBtfBqeQa-LsbP7vlTwgEAz9IGiMWL90gAHQojuAvl4GSaOtABJfXybsNxfOXqSa9VBWYKXdrd2_p-uP-2mSJVUmP6ZujneBTqyQGmFXtYSyiK7VfqXNNX4WJHl44EMmHCVn9lXqgk0DAFprMOERc7yKBJPRiTTi74CVG2oYoO0JTgQgYf9NDCbcqJ7QCwPtyiKYTVHtYA4QN-POI6Awlv-a12na2rpSkaIAdXtwp42bE1m4pG16UmaHBjUNKA", "client_id"=>"The ID", "client_secret"=>"The Secret", :redirect_uri=>"http://localhost:3000/auth/spotify/callback?code=AQC-il1sCPz5JNcYAco6JDBYOD1NMWDD1CRb724heBtfBqeQa-LsbP7vlTwgEAz9IGiMWL90gAHQojuAvl4GSaOtABJfXybsNxfOXqSa9VBWYKXdrd2_p-uP-2mSJVUmP6ZujneBTqyQGmFXtYSyiK7VfqXNNX4WJHl44EMmHCVn9lXqgk0DAFprMOERc7yKBJPRiTTi74CVG2oYoO0JTgQgYf9NDCbcqJ7QCwPtyiKYTVHtYA4QN-POI6Awlv-a12na2rpSkaIAdXtwp42bE1m4pG16UmaHBjUNKA&state=680070af68727193fbcac270ffde0ede3160ff4c9e457abf"}

the redirect URI seems ok to me http://localhost:3000/auth/spotify/callback +

Here is the option header
opts[:headers]:

{"Content-Type"=>"application/x-www-form-urlencoded"} #OAuth2::Response:0x007fddb43c13a8

and here is the error again:

ERROR -- omniauth: (spotify) Authentication failure! invalid_credentials: OAuth2::Error, invalid_grant: Invalid redirect URI
{"error":"invalid_grant","error_description":"Invalid redirect URI"}

Break down of the steps (from debug log):

INFO -- omniauth: (spotify) Request phase initiated.
Started GET "/auth/spotify/callback?code=" for ::1 at 2016-05-15
INFO -- omniauth: (spotify) Callback phase initiated.
INFO -- : post https://accounts.spotify.com/api/token
DEBUG -- request: User-Agent: "Faraday v0.9.2"
INFO -- Status: 400
DEBUG -- response: server: "nginx"

OAuth2::Response:0x007fb0e64fe4a0

ERROR -- omniauth: (spotify) Authentication failure! invalid_credentials: OAuth2::Error, invalid_grant: Invalid redirect URI

Agains, http://localhost:3000/auth/spotify/callback is whitelisted and just to check, I have purposefully changed it to a bogus URI in the Spotify app, and the Spotify servers return clearly a different URI invalid error. This conclusively leads me to believe that this error is unrelated.

The redirect URI is the same as when the code was requested. I have no idea what the issue is. Please, any help is appreciated.

Thanks.
-Serge

[henrrrik]

You need to downgrade the omniauth-oauth2 1.4.0 gem to 1.3.1.

[lukivandenbergen]

Hi,
I have the same issue. Could you please tell me how to downgrade from omniauth-oauth2 1.4.0 gem to 1.3.1. Thanks in advance for you help!

best regards, Lukas

[tomekr]

@lukivandenbergen you need to change the version in your Gemfile.lock file. In my case I changed the line:

    omniauth-oauth2 (1.4.0)

to

    omniauth-oauth2 (1.3.1)

[michael-wise]

Mine was already packaged with 1.3.1. If anyone else encounters this error, make sure you've scrolled down to the bottom of your Spotify.com app page and saved your changes.

[theo-bittencourt]

I'm facing this issue with omniauth-oauth2 >1.3.1.

Seems like this PR is causing the problem.

When redirect_uri includes code as query string, Spotify throw mismatch redirect_api.

[stephendolan]

I'm encountering the same issue on a fresh Rails 6.0.0.beta1 application.

[jean-francois-labbe]

This is related to omniauth/omniauth-oauth2@2615267#diff-1894759d724182a93ca97be91b43a7bc

you can fix this by restoring the callback_url function inside the OmniAuth::Strategies::Spotify class.

Create a new concern to restore the callback_url, this can be in the /lib folder

# app/model/concern/spotify_omniauth_extension.rb

module SpotifyOmniauthExtension
  extend ActiveSupport::Concern

  def callback_url
    full_host + script_name + callback_path
  end
end

And add the Rails.application.config.to_prepare block

# config/initializers/omniauth.rb

require 'rspotify/oauth'

Rails.application.config.to_prepare do
  OmniAuth::Strategies::Spotify.include SpotifyOmniauthExtension
end 

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :spotify,
    Rails.application.credentials.spotify[:client_id],
    Rails.application.credentials.spotify[:client_secret],
    scope: 'user-read-email playlist-modify-public user-library-read user-library-modify'
end