OAuth2 Redirect URI Tester

Build authorization requests, test redirect URIs, and inspect callback parameters

Understanding OAuth2 Redirects

How redirect URIs work in OAuth2 and OpenID Connect flows

Redirect URIs

The redirect URI is where the authorization server sends the user after granting (or denying) permission. It must exactly match a URI registered with the OAuth2 provider — no wildcards, no partial matches.

Response Modes

Authorization Code flow returns a code in the query string. Implicit and Hybrid flows return tokens in the URL fragment (#), which never reaches the server — only the browser can read it.

State & PKCE

The state parameter prevents CSRF by binding the request to the session. PKCE adds another layer by proving the client that started the flow is the same one exchanging the code.
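
The checks described in the three sections above, as an added example (not code from this page or its tool): it reports whether the response arrived in the query or the fragment, compares the redirect URI by exact string match, and verifies `state`. The function name, the URLs and the state value are assumptions made for illustration, and PKCE is not covered.

```javascript
// Added example: classify and validate an OAuth2 callback URL.
// Every URL, code and state value here is constructed sample data.
function inspectCallback(callbackUrl, registeredRedirectUri, expectedState) {
  const url = new URL(callbackUrl);
  const query = new URLSearchParams(url.search);
  // The fragment exists only client-side; a server never receives it.
  const fragment = new URLSearchParams(url.hash.replace(/^#/, ""));

  // Response parameters arrive in the query (code flow) or fragment (implicit/hybrid).
  const responseKeys = ["code", "access_token", "id_token", "error"];
  const inQuery = responseKeys.some((k) => query.has(k));
  const inFragment = responseKeys.some((k) => fragment.has(k));
  let source = "none";
  if (inQuery && inFragment) source = "both";
  else if (inQuery) source = "query";
  else if (inFragment) source = "fragment";
  const params = Object.fromEntries(source === "fragment" ? fragment : query);

  // Exact match: plain string comparison of everything before '?' or '#',
  // with no wildcard, prefix or case-insensitive matching.
  const base = callbackUrl.split(/[?#]/)[0];
  const problems = [];
  if (base !== registeredRedirectUri) problems.push("redirect_uri_mismatch");
  if (source === "none") problems.push("no_response_parameters");
  if (source === "both") problems.push("ambiguous_response_location");
  if (!("state" in params)) problems.push("state_missing");
  else if (params.state !== expectedState) problems.push("state_mismatch");
  if ("error" in params) problems.push("provider_error:" + params.error);
  return { source, params, problems, ok: problems.length === 0 };
}

const REGISTERED = "https://app.example.com/callback"; // assumed registered URI
const STATE = "xyz123"; // assumed value stored in the session before redirecting
const samples = [
  "https://app.example.com/callback?code=abc&state=xyz123",
  "https://app.example.com/callback#access_token=tok&token_type=Bearer&state=xyz123",
  "https://app.example.com/callback/extra?code=abc&state=xyz123",
  "https://app.example.com/callback?code=abc&state=unexpected",
  "https://app.example.com/callback?error=access_denied&state=xyz123",
];
for (const s of samples) {
  const r = inspectCallback(s, REGISTERED, STATE);
  console.log(r.source, r.ok ? "ok" : r.problems.join(","), "<-", s);
}
```

The third sample fails even though it starts with the registered URI, because a prefix is not an exact match.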

Building OAuth2 into your app?

AuthAction handles OAuth2, OpenID Connect, and redirect URI management out of the box — so you don't have to.