Registration of redirect_uri in Developer Portal

The registration of a redirect_uri is particularly relevant if your application is a native app. According to the OAuth2 specification (chapter 3.1.2.2) public clients need to register the redirect_uri in advance. For native apps the redirect URIs most of the times do look like: myapp:// instead of https:// for web applications.

There are two things to consider:

  1. Unique Naming

" App developers should choose a URL scheme that is globally unique, and one which they can assert control over. Since operating systems typically do not have a registry of whether a particular app has claimed a URL scheme, it is theoretically possible for two apps to independently choose the same scheme, such as myapp://. If you want to help prevent collisions by app developers using custom schemes, you should recommend (or even enforce) that they use a scheme that is the reverse domain name pattern of a domain they control..."

For example, if an app has a corresponding website called photoprintr.example.org, the reverse domain name that can be used as their URL scheme would be org.example.photoprintr. The redirect URL that the developer would register would then begin with org.example.photoprintr://

[https://www.oauth.com/oauth2-servers/oauth-native-apps/redirect-urls-for-native-apps/]

     2. Mashery Support for native URIs

Mashery does only allow http, https prefixed URIs. Hence it is not possible to add a native redirect uri.

The OAuth server provides a workaround for this based on the following naming convention.

org.example.photoprintr://callback/something https://org.example.photoprintr-callback/something

This naming convention is only relevant for registration with Mashery. For OAuth authorization calls your redirect uri must stay as is: "org.example.photoprintr://callback/something"

Please register your redirect URI on your Application page under "Register Callback URL" according to the conventions described above: