Fix OAuth Redirect URI Mismatch Error
The redirect_uri in your OAuth request must exactly match the URI registered in your provider dashboard — character for character, including protocol, port, and trailing slash. One difference causes the error.
OAuth Error Response
```json
{"error": "redirect_uri_mismatch", "error_description": "The redirect_uri does not match the registered redirect URIs"}
```
Common mismatches
| What you sent | What you registered | Problem |
|---|---|---|
| http://localhost:3000 | http://localhost:3000/ | Trailing slash missing |
| https://app.example.com | http://app.example.com | Protocol mismatch |
| https://www.example.com/callback | https://example.com/callback | www prefix mismatch |
| https://app.example.com/callback?session=1 | https://app.example.com/callback | Query string not allowed |
| https://app.example.com:3000/callback | https://app.example.com/callback | Port in URI not registered |
How to find your registered URIs per provider
Auth0
Dashboard → Applications → Your App → Settings → Allowed Callback URLs
Google
Google Cloud Console → APIs & Services → Credentials → OAuth Client → Authorized redirect URIs
Okta
Okta Admin → Applications → Your App → General → Login redirect URIs
AWS Cognito
Cognito Console → User Pools → Your Pool → App clients → App client settings → Callback URL(s)
Fix — match exactly, then add all environments
```javascript
// In your code: log what you are actually sending
const redirectUri = 'https://app.example.com/callback';
console.log('redirect_uri:', redirectUri);

// Build auth URL
const params = new URLSearchParams({
  client_id: 'your-client-id',
  redirect_uri: redirectUri, // must match registered exactly
  response_type: 'code',
  scope: 'openid profile email',
});
window.location.href = `https://auth.example.com/oauth/authorize?${params}`;
```
Register all environments you use — development, staging, and production — in the provider dashboard. There is no limit on the number of registered URIs for most providers.
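A pre-flight check for the mismatches in the table above, as an added example that is not part of the original page: it compares the URI you are about to send against a copy of your registered list and names the component that differs. The names `diagnose`, `diffUri` and `REGISTERED` are assumptions made for this example, and the list holds constructed sample values; replace them with the entries from your own provider dashboard.

```javascript
// Constructed sample list; copy the real entries from your provider dashboard.
const REGISTERED = [
  'http://localhost:3000/',
  'https://app.example.com/callback',
];

// Name every component in which `sent` differs from one registered URI.
// Throws TypeError if either string is not an absolute URL.
function diffUri(sent, registered) {
  const s = new URL(sent);
  const r = new URL(registered);
  const problems = [];
  const bare = (h) => h.replace(/^www\./, '');
  const trim = (p) => p.replace(/\/+$/, '');
  if (s.protocol !== r.protocol) problems.push('protocol');
  if (s.hostname !== r.hostname) {
    problems.push(bare(s.hostname) === bare(r.hostname) ? 'www prefix' : 'host');
  }
  if (s.port !== r.port) problems.push('port');
  if (s.pathname !== r.pathname) {
    problems.push(trim(s.pathname) === trim(r.pathname) ? 'trailing slash' : 'path');
  }
  if (s.search !== r.search) problems.push('query string');
  if (s.hash !== r.hash) problems.push('fragment');
  // URL parsing normalizes input ("http://host" gains "/"), so the raw strings
  // can still differ when every parsed component is equal.
  if (problems.length === 0) {
    problems.push(trim(sent) === trim(registered)
      ? 'trailing slash' : 'case, default port or encoding');
  }
  return problems;
}

// Exact string comparison first (what the provider does), then report the
// registered URI with the fewest differences and what those differences are.
function diagnose(sent, registeredList) {
  if (registeredList.includes(sent)) return { match: true, closest: sent, problems: [] };
  let best = null;
  for (const reg of registeredList) {
    const problems = diffUri(sent, reg);
    if (!best || problems.length < best.problems.length) {
      best = { match: false, closest: reg, problems };
    }
  }
  return best;
}
```

Call `diagnose(redirectUri, REGISTERED)` next to the `console.log` above and fix whichever side is wrong, rather than loosening the registered entry.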