Over the next few weeks we will be releasing a security update to Log In With PayPal. This update will impose stricter checks when verifying the redirect_uri parameter passed by the application against the redirect_uri that was used when signing up for application credentials on the PayPal developer application dashboard.
This update will require merchants and developers to update their existing applications if there is a mismatch between the redirect URI used in the application code and the one in the application details on the PayPal developer application dashboard.
All parts of the URI – protocol, host, port, context path, and query parameters (including parameter names and values) – must match, with the exception of the state query parameter. The state query parameter can be used by merchants and developers to pass state information that is not known at the time of registering the application redirect URI.
How do I verify if I need to make a change?
Follow these steps to ensure that you have matching redirect_uri parameters between your code and the application you signed up for:
- Load up your application on the PayPal developer application dashboard. Take note of the “Return URL” under the “Sandbox App Settings” section at the bottom of the application.
- Go into your application code, and look at the redirect_uri parameter being passed to the /authorization, /token, and /endsession (if used) endpoints for Log In With PayPal.
- If anything other than the state query string parameter value (protocol, host, port, context path, or query string parameters other than state) does not match, then you need to update your application.
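The comparison in the steps above can be scripted as a local pre-check. This is an added example, not PayPal's code or its server-side logic; the function names and sample URIs are hypothetical, and it assumes a conservative reading in which the port is compared as written and query parameters are compared in order.

```python
from urllib.parse import urlsplit, parse_qsl

def uri_parts(uri):
    """Split a URI into the parts the post says must match, dropping 'state'."""
    u = urlsplit(uri)
    query = [(k, v) for k, v in parse_qsl(u.query, keep_blank_values=True)
             if k != "state"]  # state is the one documented exception
    return {
        "protocol": u.scheme.lower(),
        "host": (u.hostname or "").lower(),
        "port": u.port,  # assumption: explicit vs. omitted port counts as a difference
        "context path": u.path,
        "query parameters": query,  # assumption: order-sensitive comparison
    }

def redirect_uri_mismatches(registered, used):
    """Return the names of the parts that differ (empty list means a match)."""
    a, b = uri_parts(registered), uri_parts(used)
    return [name for name in a if a[name] != b[name]]

def check_endpoints(registered, used_by_endpoint):
    """Check the redirect_uri sent to each endpoint; return only the failures."""
    report = {}
    for endpoint, used in used_by_endpoint.items():
        diff = redirect_uri_mismatches(registered, used)
        if diff:
            report[endpoint] = diff
    return report

if __name__ == "__main__":
    # Constructed sample values: the dashboard "Return URL" and the
    # redirect_uri values found in application code.
    registered = "https://example.com/paypal/return?source=login"
    in_code = {
        "/authorization": "https://example.com/paypal/return?source=login&state=abc123",
        "/token": "http://example.com:8080/paypal/callback?source=signup&state=x",
    }
    for endpoint, diff in check_endpoints(registered, in_code).items():
        print(f"{endpoint}: update needed, differs in {', '.join(diff)}")
```

An empty report means the code and the dashboard agree on everything except state; any entry names the parts to reconcile for that endpoint.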
How do I make the change to our application?
You have two options with this change: you can either update the redirect_uri parameters within the PayPal developer application dashboard application (recommended), or you can change those redirects in your code.
Changing the redirects in the dashboard application is by far the easier option, which is why it’s recommended. Simply change the URIs in the application to match those that are actually used in your code and click save. That is all that is required.
If you choose to go the route of modifying your code, just ensure that the redirect_uri parameters in the code match those used within the PayPal developer dashboard application.
What if I need more time to implement this fix, or need support?
For support requests, please post the issue and all applicable code to Stack Overflow with the PayPal tag. Our support teams will be monitoring those forums and can help with integration problems.
If you need additional time to make these updates, or have any issues, please contact Customer Support and they will be able to assist you further.