OAuth 2 w/Custom Domain returns 400 Invalid RedirectUri Cookie

Good morning,

5-6 hours ago, user reported an issue with a REST resource that uses OAuth2. They received this error after completing the authorization flow:

image480×476 14.1 KB

After a bit of testing, I indeed confirmed the issue is likely affecting all our OAuth2 resources. I confirmed that the actual authorisation flow completes on the 3rd party resource, i.e. the access is granted to the user, however the return to the app / resource page runs into this error.

This issue only exists if logged in through a custom domain, i.e. app.myorg.com.au. If I log in to myorg.retool.com directly, the authorization flow completes successfully to both app and resource pages.

F12-ing both instances indeed has an empty redirect cookie. From myorg.retool.com:

and from app.myorg.com.au:

I couldn’t find any previous instance or guidance I could follow.

Send halp.

Hey @Kaneski - welcome to the community! We're currently seeing several similar reports and are prioritizing a fix. You can follow along here for updates.

Are these two authentication issues related to the same issue/fix?

This should be fixed now, @Kaneski! Give it a try and let me know if you run into any issues.

At first glance, @zach, I don't think this is related, but I'll look at any other changes we made recently and let you know.

Good morning @Darren , yep checked out this morning with succesful returns to both app and resource pages.

Cheers!