I'm trying to authenticate a user via Facebook for my web api. I am able to authenticate the user when I specify the returnurl parameter to the base of the web site.
My site layout is the following in my test environment:
http://subdomain.main.com/api/ - This is the api location
http://subdomain.main.com/web/ - This is the client website location
I get the list of providers via the api and it returns the following JSON
[{"Name":"Facebook","Url":"/api/api/Account/ExternalLogin?
provider=Facebook&response_type=token&
client_id=self&redirect_uri=https%3A%2F%2Fsubdomain.main.com%2F&state=mScYbSFDVHMMxVH8kaNWmDUNhqo2s4RFbG9SaBXt_jM1","State":"mScYbSFDVHMMxVH8kaNWmDUNhqo2s4RFbG9SaBXt_jM1"}]
I then redirect the user to the url provided by the API. This opens Facebook and asks the user to allow my app.
So its all working when I use the base url, but when I change the returnurl to the following:
https://subdomain.main.com/api/api/Account/ExternalLogins?returnUrl=https://subdomain.main.com/web/&generateState=true
The api returns a url as normal, but when I try to redirect the user to the url provided it just returns:
error: invalid_request
How can I get the API to redirect to my website so that I can catch the oauth token?
