OAuth testing on localhost results in "redirect_uri must use https"

不適切なコンテンツを報告 · ‎12 15, 2016

We are trying to test OAuth integration locally, and getting “The redirect_uri must use https for security reasons.” (http://import2.d.pr/dLph/19NUyAOc). Is there a way to develop OAuth integrations locally without setting up the HTTPS web server?

thanks!
Anton

tjoyce · ‎11 13, 2019

If using Laravel with Valet, run this command in terminal.

valet secure my-test-project

{my-test-project} is by default served @ http://my-test-project.test

Be sure to leave off the TLD when running the command

Derek_Gervais · ‎3 28, 2018

Hi all,

This was recently updated; the OAuth2 redirect URI can now be served over http if the host is localhost. See the details here:

jeffnappi · ‎1 3, 2018

I also find this absurd. Google and many other OAuth2 providers allow http:// for localhost. Developers need this to simplify robust solutions with automated test suites etc.

dimitris1 · ‎8 22, 2017

May I add another “me too” for bringing back the http exception for localhost? My dev server doesn’t use/need SSL, and there are literally hundreds of OAuth2 providers I’ve used that allow non-SSL for localhost redirects.

不適切なコンテンツを報告 · ‎4 7, 2017

This is quite annoying, many OAuth implementations allow non-https redirect URLs for localhost/127.0.0.1. Using a random https URL as redirect doesn’t really work because then we have to manually grab the parameters to decode them

saifali40 · ‎4 21, 2017

I guess you can go for the ngrok please check the document, you can use the localhost in https using tunneling.

3PETE · ‎4 10, 2017

@Ka-Hing_Cheung

You can always create a self-signed certificate for testing purposes. That way you won’t have to manually grab the parameters to decode.

kevin_crooks · ‎12 19, 2016

We have the same issue too - this worked last week using http://localhost:..., but I think a change was silently introduced so that this no longer works. Problem is that I don’t know if we’ll be able to use https here - does anyone know of a workaround?

Tamas_Pal · ‎2 21, 2017

Guys I’m getting the same issue… How can we develop locally? Do we need to setup an ssl certificate for localhost?

3PETE · ‎2 21, 2017

@Tamas_Pal

Yes, or you can use any site as a redirect — ex. https://www.hubspot.com

Tamas_Pal · ‎2 22, 2017

Thanks for the reply. How would work with the OAuth 2 flow? E,g. the user authorizes our app to use their HS portal. I need to redirect to our app so that I can grab the code parameter from the url, that’s how I can the authorization was successful. What are your thoughts on this?

3PETE · ‎2 22, 2017

@Tamas_Pal I was referring to your question about how to develop locally and for testing. When you push it live you will need to have an encrypted web server to host your front-end app. While you are building out your tool I would use https://www.hubspot.com and then when you go live you will need to set up your server for production.

APIs & Integrations