Different OAuth challenges in dev vs production

I’m working on a integration with Square, specifically migrating from v1 to v2 APIs. When I reach the OAuth challenge when trying to authorize the integration for a given Square user, in production I’m prompted with the permissions grants followed by a screen to indicate which location I’m granting the integration access to. When I do the same with dev credentials, however, I don’t receive the screen requesting the location. This is causing issues in that production receives a location id and can make successful v2 requests, whereas in dev requests fail because they are providing the merchant id rather than a specific location id. Can you help me diagnose why I’m receiving the two different OAuth challenges? Is there a configuration I’ve missed for the dev app? Any help is greatly appreciated.

Hi @lance welcome to the forums!

Are you able to share your Square app id? In very old applications, OAuth used to ask for a specific location because it was scoped per location. However, in today’s world, OAuth scopes by the entire merchant account, so despite the location being chosen you actually should have access to the entire merchant’s account. The sandbox was created well after these changes, so it wouldn’t show a location picker, and actually if you created a new production application, you wouldn’t see it either.

Please let me know if I misunderstood or if you have additional questions!

@sjosey Thank you for the reply. I think that answers my question. I think the differences come down to the age of our different apps.

1 Like