We've been using LWA for a while successfully. We currently use the following options for "authorize":
- scope: 'profile'
- response_type: 'code'
- popup: true
We use a redirect_uri instead of a callback function. On the server we then request a token using the response code. All this worked without problems.
We now want to change from using a popup to a redirect to a separate page.
I switched popup to false, and updated the "return urls" on the LWA dashboard. Tthe sign in seems to work well, but once our "return_uri" is called, we fail to get the oauth token (we get 400 Bad Request) back.
From reading the docs, I can't figure out what else I have to change. Anyone have any ideas?
I figured it while rereading the docs. I needed to include a redirect_uri in when requesting the token from the backend. (And it should match the one used when calling authorize in JS SDK.)
Note: This is mentioned in the table of parameters, but the example is wrong and doesn't include it.