OpenID Connect checklist

 In case you get an error message when going through the OpenID Flow the checklist below might be beneficial for you. The checklist assumes that you have read the documentation and that you've followed our recommendation on how to send the requests. If you haven't done so, please read it here 

You need to check the following, to ensure you will successfully implement OpenID Connect

Redirect URI 

Whitelisted Redirect URI:

Have you used a redirect URI that has been whitelisted at MobilePay? You can only use the redirect URI that has been whitelisted. If it has not been whitelisted, you should write to in order for it to be whitelisted. You cannot use an Redirect URI that hasn’t been whitelisted by us. 

Is the redirect URI a https:

Is the redirect URI https? It should always be https (unless it is local host) otherwise you'll receive an error message

Do you use the same Redirect URI:

The URL’s need to be both on authorize and token requests


Correct clientSecret and clientID:

Are you using the clientID and ClientSecret from the zip file when getting/renewing access token? You should not use the clientID from the developer portal when doing your OpenID Connect requests. 

Correct Scope:

Are you using the right scope? You should use  invoice openid offline_access for MobilePay Invoice and if you're integrating MobilePay Subscriptions, you should use subscriptions openid offline_access 

Is the Code Challenge correct?

The code challenge must be within these requirements:

  • CodeChallengeMinLength = 43
  • CodeChallengeMaxLength = 128

You can see more about the code challenge here luck? If that doesn't help you, please send us a report, as demonstrated here.