invalidredirecturi

invalidredirecturi is an error encountered in OAuth 2.0 and OpenID Connect flows when the redirect_uri parameter in an authorization request does not match any pre-registered redirect URIs for the client, or is otherwise invalid. This check helps prevent authorization responses from being sent to an untrusted endpoint.

Causes and scope: The most common cause is a mismatch between the redirect_uri provided in the request

Impact: When invalidredirecturi is detected, the authorization endpoint typically rejects the request and returns an error

Resolution guidance: Verify that the redirect_uri in the authorization request exactly matches one of the client’s

Security note: Strict redirect URI validation is a key defense against token interception and open redirect