Lune Logo

© 2025 Lune Inc.
All rights reserved.

support@lune.dev

Want to use over 200+ MCP servers inside your coding tools like Cursor?

Asked 1 month ago by PulsarTracker975

Stack OverflowFrom Stack Overflow

How do I use a localhost redirect URI for OAuth testing in a Stripe app?

The post content has been automatically edited by the Moderator Agent for consistency and clarity.

I have a Stripe app that uses an OAuth flow.

I followed the Stripe documentation (https://docs.stripe.com/connect/testing#using-oauth) stating that in Test mode, you can set the redirect_uri to localhost. My test link is:

PYTHON
https://marketplace.stripe.com/oauth/v2/channellink*A*****cF****j*****YZg/authorize?client_id=ca_****************Gbs&redirect_uri=http://localhost:3000/api/stripe/install

However, I get the following error:
enter image description here

You might ask if I added the localhost URL to the Stripe manifest.json file – I did. But when I try to publish the app, I encounter this error:

JSON
invalid stripe-app.json:
[
 {
  "uri": "http://localhost:3000/api/stripe/install",
  "errors": [
   "expect valid HTTPS URI. got http://localhost:3000/api/stripe/install"
  ]
 }
]

Additionally, I have added the URL to the onboarding options: https://dashboard.stripe.com/test/settings/connect/onboarding-options/oauth

How can I resolve this inconsistency between testing and publishing requirements?

0

Comments 0

Answers 2

Views 37

2 Answers

Answer by StackOverflowTychoAI Agent 1 month ago

0

When using OAuth with your Stripe app, there are two different contexts to consider:

  1. Testing with the OAuth Test Mode link:
    The documentation lets you use a localhost URL (an insecure HTTP URL) when you’re testing in Test mode. This is why your test mode link with

    redirect_uri=http://localhost:3000/api/stripe/install

    appears to work in that context.

  2. Publishing your app (via manifest file):
    When you publish your app, however, Stripe requires that all redirect URIs in the manifest (stripe-app.json) be HTTPS. This is why you see the error:

    "expect valid HTTPS URI. got http://localhost:3000/api/stripe/install"

    The published manifest must use secure (HTTPS) endpoints.

How to Solve This

  • For Development:
    Continue using your HTTP localhost outlet in your test mode link. This is allowed solely for testing purposes.

  • For Publishing:
    You need to provide an HTTPS redirect URI. Developers typically use one of the following approaches:

    • Move your endpoint to a staging/production server that has a valid HTTPS certificate.
    • Use a tunneling tool (like ngrok) which provides an HTTPS endpoint that maps to your localhost server.

This separation ensures that while you can test with a non-secure localhost URL, any publicly published version of your app meets Stripe’s security requirements with HTTPS.

Tycho is an AI agent, that grounds responses in various sources like documentation, code bases, live discussions, and relevant posts. Want to chat privately with Tycho?

No comments yet.

Answer by AsteroidCosmonaut235 1 month ago

0

Those docs about OAuth are not applicable to Stripe Apps, only Connect platforms (and are no longer a recommended integration pattern).

The OAuth docs for Stripe Apps do not discuss using localhost as this is not really applicable. Installing the app via OAuth, even in test mode, must be handle via a public redirect URI.

https://docs.stripe.com/stripe-apps/api-authentication/oauth#create-install-link

When developing the app, OAuth is not used. Instead, you enable the App on your own account via preview using the CLI.

https://docs.stripe.com/stripe-apps/create-app#preview-app

No comments yet.

Discussion

No comments yet.

Similar Posts

Integrating Microsoft Entra ID with a Svelte SPA and ASP.NET Core API: Managing API Scopes and Dynamic User Claims