Xero Redirect URI for OAuth2 and Desktop Apps
This post is about Xero OAuth2 for desktop apps, but the same concepts generally apply to all other applications (REST API apps) using OAuth2.
What many developers don’t initially realize (if new to OAuth2) is that an “App” needs to be defined in the developer portal for the service (i.e. Xero in this case). For Xero, you would login to developer.xero.com and define an App at https://developer.xero.com/myapps/ This is where you get a Client_ID and Client_Secret. It is also where you specify one or more valid redirect URIs. For desktop apps, your redirect URI will be a “localhost” URL that begins with “http://” (not “https://” ) and uses a port number that no other process on the computer is likely to use. For example, you might specify a redirect URI of “http://localhost:55568/”. (Note that the trailing “/” is important to include.)
In your application code using Chilkat, such as here: https://www.example-code.com/csharp/xero_oauth2.asp you would specify the same port number for your oauth2.ListenPort.
If the port numbers don’t match, or if the Redirect URI is not specified exactly as described above, you’ll get the following error when trying to get an OAuth2 access token:
Error code: 500 Error: unauthorized_client : Invalid redirect_uri
For example, here is a screenshot of a Xero app with the Redirect URI correctly defined.