The issue is still occurring on my end and for several users.

EDIT: We got an expedited review approved which removed prompt from the auth url but users are still reporting that they get the web server error.

It is now occuring for all users trying to login.

I've found the issue.

Starting sometime Monday if you leave out redirect_uri in an implicit auth url you will get this webserver error. The docs show that you don't need it if it is set in the app's settings which it is in our apps. 

Please help!

---

@ThatOneCat wrote:

I've found the issue.

 

Starting sometime Monday if you leave out redirect_uri in an implicit auth url you will get this webserver error. The docs show that you don't need it if it is set in the app's settings which it is in our apps. 

 

Please help!

---

I've found that you must set the callback_uri regardless with authorization method you use, as well as other nuiances. This is counter to what the documentation states for optional fields, which end up being not so "optional". 

The best advice for this is to change the callback_uri to match the one that is configured on your application and make sure that it's being sent with each request. If this is an application change it'll be more difficult to publish and force rather than a website update.

You also have to make sure that your callback_uri in the authorization request matches the the callback_uri on the application, otherwise you'll get an unauthorized error on request.

Thanks for the report.

While redirect_uri is optional, it is recommended.

If you are going to use the forced login feature, you will need to specificy the redirect URI.