#dmi_oauth-bug

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1483966925351419964

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

dmi_oauth-bug

@celest bane 99% of the time the issue is the URL has been "tampered" with or something and the ca_123 in it is incorrect. Can you share the exact URL they are on?

this is configuration URL which has not changed
https://connect.stripe.com/oauth/authorize?response_type=code&client_id=ca_6V1tTRzFvYJ63UdHthNYMd8j40MLw2fx&scope=read_write&redirect_uri=https://donateway.com/oauth/stripereturn

We are not modifying, just redirecting this URL from the configuration.

the user click a connect button on our site and it gets redirect to the above URL.

please let me know if you need any additional information?

yeah it's the encoding

you have $amp; instead of &

something in your code is URL encoding those params. So our page doesn't fine the client_id

it should be https://connect.stripe.com/oauth/authorize?response_type=code&client_id=ca_6V1tTRzFvYJ63UdHthNYMd8j40MLw2fx&scope=read_write&redirect_uri=https://donateway.com/oauth/stripereturn which does work

dont worry, that gets decoded before sending..\

no

you gave me the exact URL that they load right?

I mean on our side

I don't know what that means

Can you give me the real exact URL the person loads in their browser?

I'm 99.9% sure that's your issue

give me a second please

of course

My gut: you never decoded those and it used to work

how do I know: we did have a real bug (which I found) end of February where we had this & issue on another type of URL

so I feel like you might have never done this correctly but it still work and suddenly broke
And even when I found the bug I mentioned we never realized it affected those URLs too

okay got it..

let me try using what u r suggesting & to &;

thanks

thank you for your patience..

I'm still escalating internally too as we should fix it, you might not be the only one

good to know.. but I will change it to this and try one second.
https://connect.stripe.com/oauth/authorize?response_type=code&client_id=ca_6V1tTRzFvYJ63UdHthNYMd8j40MLw2fx&scope=read_write&redirect_uri=https://donateway.com/oauth/stripereturn
does this look good.. if so I will change it and test it now

Issue was resolved.

You are correct 100% that this was the issue..

just so you know, this used to work before until Feb 6

yeah that matches the timeline of what I found last month. We did look at other pages. It was extremely rare that someone did that & so we didn't find any other logs but still we should have caught this

Don't hesitate to ask support https://support.stripe.com/contact so they can investigate further

Thank you so much.

of course!