Issue with Roblox O Auth 2.0 API Redirect URI


I’m having issues using the Roblox O Auth 2.0 API. I’m using NodeJS with the Express framework and CryptoJS.

This is the error I get when I link to Roblox’s auth website:

Authorization Error
Redirect URI is invalid for this application.
Please contact the owner of the application for help.

The resulting URL that gets used looks like this:

This is my Javascript code:

const clientId = "123456"
const redirectUrl = ""
const scope = "openid profile asset:read asset:write universe-messaging-service:publish"

function generateCodeChallenge(length) {
    const characters = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._~';
    let codeVerifier = '';
    for (let i = 0; i < length; i++) {
        codeVerifier += characters.charAt(Math.floor(Math.random() * characters.length));
    const sha256Hash = crypto.createHash('sha256').update(codeVerifier).digest();
    const codeChallenge = bufferToBase64Url(sha256Hash);
    return codeChallenge;
function bufferToBase64Url(buffer) {
    let base64 = buffer.toString('base64');
    base64 = base64.replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
    return base64;

const codeChallenge = generateCodeChallenge(48)

const link = new URL("")
link.searchParams.set("client_id", clientId)
link.searchParams.set("redirect_uri", redirectUrl)
link.searchParams.set("scope", scope)
link.searchParams.set("response_type", "code")
link.searchParams.set("state", keygen(32))
link.searchParams.set("code_challenge", codeChallenge)
link.searchParams.set("code_challenge_method", "S256")



Thanks in advance for any help!

Hey, you’ve most likely solved this yourself, but for people who find this post in the future, the problem is because you need to list every redirect URI you want to use for your application.

First you’ll need to go to and find your OAuth2 app. Then select EDIT, and press EDIT again.

Now, scroll down to redirect URIs and add all URIs you plan to use.

Press SAVE CHANGES at the top of the page and ir should be all good to go.

1 Like

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.