The OAuth process flow appears to have stopped working as expected and documented. Calling https://connect.squareupsandbox.com/oauth2/authorize, no longer returns the Square authorization page where a user may decide to allow or deny authorization. The *callback url *is returned with the results expected as if the user selected allow.
- the same code worked as expected 48 hours ago
- testing is being done with a sandbox account
- the results are repeatable even when the authorize api is called from a browser
Are you changing the permissions? I believe if the merchant has already approved the application, and still has an active access token, if you request a new access token with the same permissions through the OAuth link it will just go straight to redirecting to your OAuth redirect URL with the new code.
Also, are you using
short_lived? If so, then I don’t believe this would be expected. Otherwise, you should just be calling
ObtainToken anyway, to get a new token, if their existing token is still active (or if you have a refresh token).
That was the problem. The merchant was already approved with the same scope.
I can’t be the first person finding this a bit confusing. Is there an FAQ for common OAuth questions/scenarios?
No, unfortunately one doesn’t exist. I’ll be sure to share this with the team to see if we can get one created!