Hi. I’m trying to create an OAuth client. As far as I can tell, I’ve done it correctly and the page shows it set up with all the ids and secret. The status is listed as “New”, and when my Python script tries to do the authorisation, I get a 403 Error. Does the OAuth client need to be activated in some way? Thanks in advance.
One obvious thing. Did you remember to authorise the access in the Monzo app?
Yes, I did. It doesn’t seem to be even getting as far as Monzo. I keep getting a Cloudfront error page.
I really hope someone technical from Monzo reads this.
I’ve verified the following to ensure this is not a client-side configuration issue:
Client Confidentiality: Confirmed the client is set to “Confidential” as required for a server-side application.
Redirect URI Match: Confirmed the Redirect URL is an exact, character-for-character match between the developer portal setting and the redirect_uri parameter in the authorization URL.
Credentials Regenerated: Revoked the old client and created a brand new one to ensure the client_id and client_secret strings were not causing the issue. The problem persists with the new client.
Network Isolation: The error occurs on my home network and also on a different network (a mobile hotspot), ruling out an IP-specific block.
Browser Isolation: The error occurs when the URL is opened by the script and also when the authorization URL is manually constructed and pasted into a clean, Incognito browser window. This rules out browser extensions or script errors.
Given these steps, I’ve eliminated all the potential user-side configuration errors I can think of. The issue appears to be server-side, where the WAF is blocking the request for a reason I cannot determine.
I was encountering the same problem.
In my case the issue was because the URL I was redirecting the user to was too large. Specifically, I was passing a large state parameter (~1700 chars). Refactoring and redirecting to a smaller URL seemed to fix this issue for me.
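One way to keep the redirect small, as the last reply describes, is to hold the bulky data server-side and send only a short random token as state. This is an added example, not code from anyone in this thread. The endpoint is a placeholder, the length budget and TTL are assumed values, and the function names are hypothetical.

```python
import secrets
import time
from urllib.parse import urlencode

AUTH_ENDPOINT = "https://auth.example.invalid/"  # placeholder, not a real endpoint
MAX_URL_LEN = 1024  # assumed budget for this example; the thread states no actual limit
STATE_TTL = 600     # seconds a pending login stays valid (assumed)

_pending = {}       # state token -> (expiry, context); use a real session store in production


def build_authorization_url(client_id, redirect_uri, context, now=None):
    """Stash the bulky context server-side and send only a short random state."""
    now = time.time() if now is None else now
    state = secrets.token_urlsafe(32)  # 43 URL-safe chars, unguessable
    _pending[state] = (now + STATE_TTL, context)
    url = AUTH_ENDPOINT + "?" + urlencode({
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": "code",
        "state": state,
    })
    if len(url) > MAX_URL_LEN:
        # Fail locally with a clear message instead of an opaque 403 upstream.
        del _pending[state]
        raise ValueError(f"authorization URL is {len(url)} chars, over budget")
    return url, state


def consume_state(returned_state, now=None):
    """Return the stored context for a callback, or None if unknown, expired or reused."""
    now = time.time() if now is None else now
    entry = _pending.pop(returned_state, None)  # pop makes the token single use
    if entry is None:
        return None
    expiry, context = entry
    return context if now <= expiry else None


if __name__ == "__main__":
    # Constructed sample: ~1700 chars of context that previously rode in the URL.
    ctx = {"return_to": "/dashboard", "blob": "x" * 1700}
    url, state = build_authorization_url(
        "oauth2client_constructed", "https://app.example.invalid/callback", ctx)
    print(len(url), consume_state(state) == ctx, consume_state(state))
```

Checking the state on the callback this way also keeps its CSRF role: a value the server never issued, or one already used, is rejected.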
