Plan: Premium
Country: US
Device: Samsung S20 FE
Operating System: Android
My Question or Issue
Hello everyone,
I am new to the Spotify API and I am trying to complete the OAuth authorization flow for my Android application. After my app redirects me to the Spotify login page, I log in, and it redirects me to a page that says "INVALID_CLIENT: Insecure redirect URI". It does NOT say "INVALID_CLIENT: Invalid redirect URI", which makes me believe it is a security issue. I am using a custom redirect URI, let's call it "com.myapp://callback". I have added this exactly to the redirect URI of my Spotify dashboard for this project, and have verified that I wrote this exactly everywhere else in my project that required a redirect URI.
If anyone has any insight on this then I'd really appreciate it. I feel that it has something to do with Spotify's new redirect URI security requirements, but I thought that those didn't apply to custom URIs for mobile apps and I'd appreciate any insight.
EDIT:
I have tested my application with a client ID from a Spotify project that I had created before April 9th (the date of the Spotify rules being enforced), and the application worked perfectly. This leads me to believe that it is an issue with the new redirect URI rules and how custom URIs are handled for mobile applications.
EDIT: Added my comment to the above question.
I fixed it by using "https://httpbin.org/anything" as redirect_uri and it works. I was able to create my token and also refresh tokens.
I'm also having the same issue with a project of mine. The API is returning insecure redirect URI with a blank page instead of redirecting me to my app.
I can confirm this issue. I created a new project and putting in a redirect to my app using a custom URL scheme results in an Insecure redirect URI. But if I use an older project with a previously working custom URL redirect, it works fine.
I even have an issue that I want to change the existing redirect URL for the older project and adding a new callback using a different URL scheme for that older project also fails to work.
It seems like they forgot about custom URL schemes in apps while adding this new "security" restriction. Maybe not surprising after all of the layoffs and de-emphasis on partner integrations.
I get the exact same symptom error. Now they have to develop the project using the project I created in the past. I hope this crazy error will be fixed soon. But it's been more than 10 days since April 9 for the first time, so it should be resolved, but it's not yet.
Their iOS SDK demo apps are having issues: Spotify automatically closes and the connection is refused. They really need to fix this! It's impossible to create a new app for the mobile SDKs right now. It ain't working.
The API has been modified and is now usable!
Bro, I am having the same issue, please can anyone resolve it? I am creating a Spotify clone using the API, and in the Spotify redirect URL I have set up this: https://localhost:3000/callback. I am using mkcert for HTTPS and their certificate, but after login it is showing me this on screen: INVALID_CLIENT: Insecure redirect URI. Any solution? Please.
I had the same problem: even with https://, localhost was not supported (that was before the fix, I don't know if it's still the case). So I changed to 127.0.0.1 instead of localhost (you may have to change your server configuration). I hope this helps.
https://developer.spotify.com/documentation/web-api/tutorials/migration-insecure-redirect-uri
This worked for me. The "fix" still doesn't work though.
Thanks
Locally this does not work with Next.js next-auth: http://127.0.0.1:3000/api/auth/callback/spotify
However, my production deployment works with the production callback... Is there a fix for local development?
Could the docs at least be updated to indicate that https://localhost is not supported?
I have the same problem.... can't make it work when running locally
Not working locally, keep getting INVALID_CLIENT!
Spotify's documentation says it cannot be used as a localhost redirect URI.
So I don't think you can run it locally...
This URL:
https://developer.spotify.com/documentation/web-api/concepts/redirect_uri
So the only way to test it is to rent a temporary server such as Render or a development environment server...
so you can't publish the app on the web cuz they renewed the review process, and can't even package it as a local app cuz localhost isn't allowed?!?! it's so over guys
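As an added example (not part of any post above, and not Spotify's own validation code): a pre-flight check that classifies candidate redirect URIs by the behaviour reported in this thread and described on the linked Spotify documentation pages. The rule set, the function names and the `own_hosts` allowlist are assumptions; the sample URIs are the ones quoted in the thread.

```python
import ipaddress
from urllib.parse import urlsplit

def check_redirect_uri(uri, own_hosts=frozenset()):
    """Return (verdict, reason) for a candidate OAuth redirect URI.

    Assumed rules, taken from this thread and the linked docs:
    HTTPS required, plain HTTP only for loopback IP literals,
    the name "localhost" refused, custom app schemes accepted.
    """
    parts = urlsplit(uri)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    if not scheme:
        return "reject", "no scheme"
    if scheme not in ("http", "https"):
        # e.g. com.myapp://callback, reported usable again after the fix
        return "accept", "custom app scheme"
    if not host:
        return "reject", "no host"
    if host == "localhost":
        return "reject", "localhost refused; use 127.0.0.1 or [::1]"
    try:
        loopback = ipaddress.ip_address(host).is_loopback
    except ValueError:  # host is a DNS name, not an IP literal
        loopback = False
    if loopback:
        return "accept", "loopback IP literal"
    if scheme == "http":
        return "reject", "plain http on a non-loopback host"
    if own_hosts and host not in own_hosts:
        # The authorization code is sent to whatever host is named here.
        return "review", "code is delivered to a host you do not control"
    return "accept", "https"

# URIs quoted in the thread; "myapp.example" is a constructed placeholder.
THREAD_URIS = [
    "com.myapp://callback",
    "https://localhost:3000/callback",
    "http://127.0.0.1:3000/api/auth/callback/spotify",
    "https://httpbin.org/anything",
]

def audit(uris, own_hosts=frozenset({"myapp.example"})):
    return {u: check_redirect_uri(u, own_hosts) for u in uris}

if __name__ == "__main__":
    for uri, (verdict, reason) in audit(THREAD_URIS).items():
        print(f"{verdict:7} {uri}  ({reason})")
```

With an allowlist set, a third-party echo endpoint used as the redirect target is flagged for review, because the authorization code appears in that host's request data.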