How to encode an OAuth redirect_uri parameter

OAuth 2.0 authorization requests pass the callback URL as a redirect_uri query parameter. Because the callback URL itself contains characters like ://?= that are meaningful in URLs, it must be percent-encoded before being appended as a parameter value. Forgetting this step is one of the most common causes of OAuth redirect failures. This guide shows how to encode a redirect URI correctly in one step.

Step-by-step guide

1. Paste your callback URL: Paste the full callback URL — for example https://myapp.com/auth/callback?state=xyz. This URL contains characters that must be encoded when used as a parameter value.
2. Select encode-component: Choose 'encode-component'. This encodes the : // ? = & characters in your callback URL so they are not misread as delimiters in the outer authorization URL.
3. Append to the authorization URL: Copy the result and append it to the authorization endpoint: https://auth.example.com/authorize?client_id=...&redirect_uri=<encoded-callback>. The encoding table confirms that ://?=& were encoded.

Frequently asked questions

Why does the OAuth server reject my redirect_uri even when encoded?

Most OAuth servers require the redirect_uri to exactly match a pre-registered URI. The comparison is usually against the decoded value, but some servers compare the encoded form. Ensure the URI you encode matches the one registered in the OAuth application settings character-for-character.

Should I encode the entire authorization URL or just the redirect_uri value?

Encode only the value of redirect_uri, not the entire URL. The outer authorization URL must remain a valid URL — encoding it entirely would break the structure the browser needs to navigate to.