Vineet
June 15, 2025, 11:18pm
1
Org name: Tambla WFM (Oahi WFM)
Detailed description of the issue and where it occurs:
Using Postman, we could access the Authorize Endpoint at the following URL 'https://demo.deel.com/oauth2/tokens
Since last week, the endpoint return as 401 Unauthorized error.
Postman Client throws the following error:
{
"error": "access_denied",
"error_description": "Invalid redirect URI for authorization",
"status": 401
}
Complete logs from Postman is attached below
09:11:40.442
POST https://demo.deel.com/oauth2/tokens
401
5.90 s
POST /oauth2/tokens HTTP/1.1
Authorization: Basic ZDhlZmY4MzYtYmVlZC00ZjBkLWE4MzktMDVjY2Y3OWJiNjgxOlhuWk5MeXhuZFZ4Y01UUkdMRVpLYUE9PQ==
User-Agent: PostmanRuntime/7.44.0
Accept: */*
Postman-Token: 6cccd353-034b-415c-9c23-52b0ba987c0a
Host: demo.deel.com
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 1318
Cookie: __cf_bm=nPRfyG14wrvZVquSUubcuGSa7yufz.az2HR1P2WdBhs-1750029004-1.0.1.1-k3YAeKl6V2gJe4pVbZ34xX18Vd96RQDvFMPt9A9dssT67TUlu6GUcXlS2AR4zUolWvNc5SSwIIQmdJnK7mOGo5LYlzj9NTmfwafts9QM0WY
refresh_token=refresh_token%3DeyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJjbGllbnRfaWQiOiJkOGVmZjgzNi1iZWVkLTRmMGQtYTgzOS0wNWNjZjc5YmI2ODEiLCJ1c2VyX2lkIjoiMjc0NzU3ODciLCJwcm9maWxlX2lkIjoiMjc2OTM3ODYiLCJvcmdhbml6YXRpb25faWQiOiIxOTEwODMiLCJvcmdhbml6YXRpb25fbmFtZSI6IiIsInRva2VuX3R5cGUiOiJvcmdhbml6YXRpb24iLCJzY29wZSI6ImNvbnRyYWN0czpyZWFkIG9yZ2FuaXphdGlvbnM6cmVhZCB0aW1lc2hlZXRzOnJlYWQgdGltZXNoZWV0czp3cml0ZSBVc2VyczpyZWFkIHBlb3BsZTpyZWFkIHRpbWUtb2ZmOnJlYWQgdGltZS10cmFja2luZzp3cml0ZSB0aW1lLXRyYWNraW5nOnJlYWQgYWRqdXN0bWVudHM6d3JpdGUgYWRqdXN0bWVudHM6cmVhZCIsInJ0X2lkIjoiYWJlMjVkNDktYTNiMC00M2Y3LTgyMmMtNjZhOWE1ZDQzODQzIiwiaWF0IjoxNzUwMDI5MDA0LCJleHAiOjE3NTc4MDUwMDQsImlzcyI6ImRlZWwtaW50ZWdyYXRpb25zIn0.iuBIk2U0WwNPVMfGdA21tRoDRjfJc2xvkxoSlmLVgAkL3gaZpAnQ8XPlPY_tx7piGLZmTyMms8jtKQD7hJzccvjeWZhDDK6D__7koMJkQfKXw5fBpYkpXFXWgLuajfrw-arVXAP46AO_IkLBP2AefBtaEWLbpZdmcgCMSgx3YeY2-9L_hAx9t1d3av554BtMsdlvfdgTAa49d20vRnbLDRRv4SQVVvkEjyy0bjrqOCWgviUlokdl7WatN3byTW0tUbQPQJIV-Sn22cnfTvZSCZ90BXiV_gObbW_JynfvBTwj4I_0Ym44JNb4BK9Pdtbmp7wdJTrV7oGnrhCWKqnoNfRWm9fhEHXquHiVrBAzdbSgsOJK3MgOgsdkLe5AH6uqPpUlW3Ffqseh5fGv6EZHjDBn8SIxKgtD496XF9o7Xixb7wLl8VVsLpabarOIhYD_ikOpwO3iogaq-p7_35FwpOf2uNzAHV8yr6DRkjJwI-MApVFeQch02Db49kpGCruH&redirect_uri=redirect_uri%3Dhttps%3A%2F%2Foauth.pstmn.io%2Fv1%2Fcallback&grant_type=grant_type%3Drefresh_token
HTTP/1.1 401 Unauthorized
Content-Type: application/json; charset=utf-8
Content-Length: 99
Connection: keep-alive
Date: Sun, 15 Jun 2025 23:11:40 GMT
CF-RAY: 9505bf5038f0a937-SYD
content-security-policy: base-uri 'self';font-src 'self' https://fonts.gstatic.com/; style-src 'self' https://fonts.googleapis.com/ 'unsafe-inline'; img-src 'self' https://avatars.githubusercontent.com/ https://heapanalytics.com/ https://www.googletagmanager.com/ https://s3.us-east-1.amazonaws.com/media.letsdeel.com/ https://media.letsdeel.com/; default-src 'self' https://*.deel.training/ https://*.giger.training/ https://*.letsdeel.com/ https://apis.google.com/ https://content.googleapis.com/ https://accounts.google.com/ https://www.googletagmanager.com/ https://*.cookiebot.com/ https://www.googleoptimize.com/ https://*.amplitude.com/ https://cdn.jsdelivr.net/ https://*.heapanalytics.com/ https://collect.deel.com/ 'unsafe-eval' https: 'unsafe-inline';
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
etag: W/"63-AztiRxNivmK0P+EPLqo3okHb2Ik"
cf-cache-status: DYNAMIC
Server: cloudflare
X-Cache: Error from cloudfront
Via: 1.1 c9801432acaf39452e5421e7eeabc4b0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: SYD62-P2
X-Amz-Cf-Id: JtZdxOE1S_4hIsLpzLUps9Csg0MnLT1abTXFxbEvaB0IAET4dhKgqg==
Vary: Origin
{"error":"access_denied","error_description":"Invalid redirect URI for authorization","status":401}
Hello @Vineet , can you please confirm if the issue persists? We have deployed a fix for this on the past days
Vineet
June 23, 2025, 7:27am
3
Hello @Gabriela_Deel ,
The issue still persists. I have registered Postman redirect url. It was working until close to end of May 25, after which it started throwing the below error:
Regards,
Hello Vineet, can you please send the cURL request for further investigation on your issue?
Given that this is sensitive information feel free to send me either via Slack or email (gabriela.picolo@deel.com )
Vineet
June 26, 2025, 1:04am
5
Hello @Gabriela_Deel , There was an error in the Request body and corrected.
I have emailed you the details.
Thank you,
