Encrypt Online
Theme
Privacy Tool inputs are processed in your browser and are not sent to us.

OAuth Redirect URI Checker

Compare the registered callback exactly with a pasted redirect URI or one extracted from a request

Keep authorization data private: Prefer a test request with invented values. Comparison runs in this browser; inputs are not saved, uploaded, fetched, or added to the URL.
Compare the callback strings exactlyUse a sent redirect URI directly, or extract it from an authorization request with one decoding pass
Samples use reserved example domains.
Paste the stored value without trimming or rewriting it.
Compares this complete string without decoding or normalization.
Why the Exact Redirect URI Matters

This checker compares the registered callback with the sent value as complete strings. Case, slashes, ports, query order, Unicode, percent-encoding, and invisible whitespace remain significant in the result. Parsed components help locate a difference but do not rewrite either input.

Extract redirect_uri from an Authorization Request

Select the authorization-request input form when you have a complete authorize URL or copied query string. The checker requires one non-empty redirect_uri parameter and decodes its value once. Duplicate parameters, malformed escapes, and missing values are reported instead of guessed.

Differences Worth Checking First
  • A trailing slash or a different callback path.
  • http versus https, or a changed port.
  • A staging host, tenant, or client paired with production settings.
  • A value encoded twice before it reaches the authorization server.
  • Whitespace copied with the registered or sent value.
OAuth Redirect URI Checker FAQ
Does a trailing slash change the result?

Yes. Adding or removing a slash changes the string, so the checker reports a mismatch even if both URLs appear to reach similar application code.

Does a loopback redirect get a port exception?

Some native-app flows allow authorization servers to vary a loopback port. This page can identify that context, but it still reports whether the two pasted strings are exactly equal.

Does an exact match prove the provider will accept it?

No. It proves only that the compared strings are identical. Client registration, provider rules, tenant selection, and request policy remain outside this browser-only comparison.