Not applicable

OAuth testing on localhost results in "redirect_uri must use https"

We are trying to test OAuth integration locally, and getting “The redirect_uri must use https for security reasons.” (http://import2.d.pr/dLph/19NUyAOc). Is there a way to develop OAuth integrations locally without setting up an HTTPS web server?

Thanks!
Anton

tjoyce
Recognized Expert | Elite Partner

If using Laravel with Valet, run this command in terminal.

valet secure my-test-project

{my-test-project} is by default served @ http://my-test-project.test 

Be sure to leave off the TLD when running the command 

0 Upvotes
Derek_Gervais
HubSpot Alumni

Hi all,

This was recently updated; the OAuth2 redirect URI can now be served over http if the host is localhost. See the details here:

0 Upvotes
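
The rule described in the reply above (https required, plain http accepted only when the host is localhost), sketched as a redirect-URI check. This is an added example, not part of the original thread and not HubSpot's code; the function names, the sample URIs, and the choice to also accept the loopback literals 127.0.0.1 and ::1 are assumptions.

```python
import ipaddress
from urllib.parse import urlsplit


def _is_loopback(host: str) -> bool:
    """True for the exact name 'localhost' or a loopback IP literal (assumed policy)."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a DNS name such as localhost.example.com


def redirect_uri_allowed(uri: str) -> bool:
    """Allow https anywhere; allow http only when the host is loopback."""
    try:
        parts = urlsplit(uri)
        host = parts.hostname  # lowercased; port, brackets and userinfo stripped
        parts.port             # raises ValueError on a malformed port
    except ValueError:
        return False
    if not host or parts.fragment:
        return False  # must be absolute; RFC 6749 forbids a fragment
    if parts.username is not None or parts.password is not None:
        return False  # "http://localhost@example.com/" has host example.com
    if parts.scheme == "https":
        return True
    if parts.scheme != "http":
        return False
    return _is_loopback(host)


# Constructed sample URIs, not taken from the thread.
SAMPLES = [
    "http://localhost:3000/oauth/callback",
    "http://127.0.0.1:8080/cb",
    "https://www.hubspot.com",
    "http://my-test-project.test/cb",
    "http://localhost.example.com/cb",
    "http://localhost@example.com/cb",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample:40} {redirect_uri_allowed(sample)}")
```

Matching on the parsed hostname rather than a string prefix is what keeps `localhost.example.com` and `localhost@example.com` from passing as loopback.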
jeffnappi
Participant

I also find this absurd. Google and many other OAuth2 providers allow http:// for localhost. Developers need this to simplify robust solutions with automated test suites etc.

0 Upvotes
dimitris1
Member

May I add another “me too” for bringing back the http exception for localhost? My dev server doesn’t use/need SSL, and there are literally hundreds of OAuth2 providers I’ve used that allow non-SSL for localhost redirects.

0 Upvotes
Not applicable

This is quite annoying; many OAuth implementations allow non-https redirect URLs for localhost/127.0.0.1. Using a random https URL as redirect doesn’t really work because then we have to manually grab the parameters to decode them.

0 Upvotes
saifali40
Member

I guess you can go for ngrok. Please check the document; you can use localhost over https using tunneling.

0 Upvotes
3PETE
HubSpot Employee

@Ka-Hing_Cheung

You can always create a self-signed certificate for testing purposes. That way you won’t have to manually grab the parameters to decode.

kevin_crooks
Member

We have the same issue too - this worked last week using http://localhost:..., but I think a change was silently introduced so that this no longer works. Problem is that I don’t know if we’ll be able to use https here - does anyone know of a workaround?

0 Upvotes
Tamas_Pal
Member

Guys, I’m getting the same issue… How can we develop locally? Do we need to set up an SSL certificate for localhost?

0 Upvotes
3PETE
HubSpot Employee

@Tamas_Pal

Yes, or you can use any site as a redirect — ex. https://www.hubspot.com

0 Upvotes
Tamas_Pal
Member

Thanks for the reply. How would that work with the OAuth 2 flow? E.g. the user authorizes our app to use their HS portal. I need to redirect to our app so that I can grab the code parameter from the URL; that’s how I can tell the authorization was successful. What are your thoughts on this? 🙂

0 Upvotes
3PETE
HubSpot Employee

@Tamas_Pal I was referring to your question about how to develop locally and for testing. When you push it live you will need to have an encrypted web server to host your front-end app. While you are building out your tool I would use https://www.hubspot.com and then when you go live you will need to set up your server for production.

0 Upvotes