This worked at some point, but it looks like recently Shopify has started to reject any OAuth authorization request with "Oauth error invalid_request: The redirect_uri is not whitelisted" when the redirect is appended with parameters. Not sure when the regression occurred, but it's likely within the last few months.
For example, if I want to grab some new scopes for an offline authorization token, I redirect to :
It looks like the presence of %3Fclose%3D1 is causing Shopify to choke here. Removing that makes it execute fine. Given that this is a query parameter, I would expect that the whitelisted redirect_uris would ignore them. Is this a bug, or expected behaviour that was silently changed a while back?
Solved! Go to the solution
This is an accepted solution.
I think it was always the case, not sure how it was working for you at some point. The whitelist must contain the exact redirect URI including query parameters. On a side note, this the definition of the URI:
URI = scheme:[//authority]path[?query][#fragment]