OAuth 2.0 - encoded URL values option is ignored

  1. My goal: Test OAuth 2.0 Authorization Code Grant
  2. Issue: redirect_uri parameter is being encoded, despite checking “Disable URL encoding”
  3. Steps I've taken to troubleshoot:
  4. Additional info: Cloud

The callback URL is used as the redirect_uri parameter, however the OAuth 2.0 service I am using requires all redirect_uri values to not be encoded.

When navigating to the authorization page for the service, the parameter is encoded:


So I change the Advanced options, and save the resource:

I try again. The parameter remains encoded:


Hoping someone can identify if this setting is being used or ignored when building the redirect URL query parameters.

Thank you!

Hi @hansontools,

Interesting issue.

Just to clarify, what Auth service are you using that requires redirect_uri values to not be encoded?

I was doing some research and every major OAuth provider (Google, Okta, Azure AD, Auth0, GitHub, etc.) expects this.

If a service truly rejects encoded query parameters, it is not OAuth-compliant.

The checkbox under Advanced Options does not mean “send raw characters in the URL”, because that is not possible in a valid HTTP query string.

What it actually controls is:

Whether Retool double-encodes the redirect URI

Example

Correct (single-encoded):

redirect_uri=https%3A%2F%2Foauth.retool.com%2Foauth%2Fuser%2Foauthcallback

Broken (double-encoded):

redirect_uri=https%253A%252F%252Foauth.retool.com%252Foauth%252Fuser%252Foauthcallback

The checkbox prevents double encoding, not encoding entirely.

If you can give me more details on the OAuth provider and what they expect I can help further, but any resource Auth options using OAuth 2.0 will have to encode the redirect_uri value :sweat_smile:
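The single- versus double-encoding distinction from the reply above, as an added example that is not part of the thread or Retool's code: it reads the raw `redirect_uri` value from an authorization URL and reports how many percent-encoding layers separate it from the registered callback. The `idp.example` endpoint, the `client_id` value and the function names are assumptions made for illustration; the callback URL is the one quoted in the reply.

```javascript
// Callback URL as quoted in the reply above.
const REGISTERED = "https://oauth.retool.com/oauth/user/oauthcallback";

// Return the still-encoded value of a query parameter, or null if absent.
// URLSearchParams is avoided on purpose: it decodes one layer and hides the difference.
function rawQueryParam(url, name) {
  const noFragment = url.split("#")[0];
  const q = noFragment.indexOf("?");
  const query = q === -1 ? "" : noFragment.slice(q + 1);
  for (const pair of query.split("&")) {
    const eq = pair.indexOf("=");
    const key = eq === -1 ? pair : pair.slice(0, eq);
    if (key === name) return eq === -1 ? "" : pair.slice(eq + 1);
  }
  return null;
}

// Count decode passes needed to reach the registered URI (0, 1 or 2); -1 if never reached.
function encodingDepth(raw, registered) {
  let value = raw;
  for (let depth = 0; depth <= 2; depth++) {
    if (value === registered) return depth;
    let next;
    try { next = decodeURIComponent(value); } catch { return -1; } // malformed %-sequence
    if (next === value) return -1; // fully decoded and still not the registered URI
    value = next;
  }
  return -1;
}

function checkAuthorizeUrl(url, registered = REGISTERED) {
  const raw = rawQueryParam(url, "redirect_uri");
  if (raw === null) return "missing";
  const labels = { 0: "raw", 1: "single-encoded", 2: "double-encoded" };
  return labels[encodingDepth(raw, registered)] || "mismatch";
}

// Constructed sample authorization URLs (hypothetical endpoint and client_id).
const BASE = "https://idp.example/authorize?client_id=abc&response_type=code&redirect_uri=";
const SAMPLES = {
  single: BASE + "https%3A%2F%2Foauth.retool.com%2Foauth%2Fuser%2Foauthcallback",
  double: BASE + "https%253A%252F%252Foauth.retool.com%252Foauth%252Fuser%252Foauthcallback",
  raw: BASE + "https://oauth.retool.com/oauth/user/oauthcallback",
  other: BASE + "https%3A%2F%2Fother.example%2Fcallback",
};

for (const [name, url] of Object.entries(SAMPLES)) {
  console.log(name, "->", checkAuthorizeUrl(url));
}
```

Run against the URL copied from the browser's address bar on the provider's authorization page, a result of `double-encoded` means the provider decodes once and compares a still-encoded string to the registered callback, which fails exact matching.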