OAuth Authentication – 403 Forbidden Error

Hi,

We’re currently struggling with OAuth authentication and hoping someone technical can point us in the right direction.

We’ve logged into the Developer Portal and created a test application with the following configuration:

  • Key name: OAuth Web Client
  • Key type: Web
  • Client ID: 4c22ea52-7d0e-47da-80e5-ea1b754d0f78
  • Redirect URI: http://localhost:3000/callback
  • Registered on: 25 February 2026

We then followed the authorisation steps as documented in the Companies House Identity Service reference docs, using the following URL:

https://identity.company-information.service.gov.uk/oauth2/authorise?response_type=code&client_id=4c22ea52-7d0e-47da-80e5-ea1b754d0f78&redirect_uri=http://localhost:3000/callback&scope=https://identity.company-information.service.gov.uk/user/profile.read&state=randomstring123

However, we keep receiving a 403 Forbidden error. As far as we can tell, we’re following the documentation correctly.

Has anyone encountered this before, or can anyone offer any guidance on what we might be missing?

Thanks, Fahim
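
An added example, not part of the original post or of Companies House documentation: the authorisation request above built with every query parameter percent-encoded and an unpredictable `state` that is verified on the callback, shown as general OAuth request hygiene rather than as a diagnosis of the 403. The function names `build_authorise_url` and `parse_callback` and the callback parameters (`code`, `state`, `error`, per RFC 6749) are assumptions.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Values copied from the post above.
AUTHORISE_ENDPOINT = "https://identity.company-information.service.gov.uk/oauth2/authorise"
CLIENT_ID = "4c22ea52-7d0e-47da-80e5-ea1b754d0f78"
REDIRECT_URI = "http://localhost:3000/callback"
SCOPE = "https://identity.company-information.service.gov.uk/user/profile.read"


def build_authorise_url(state=None):
    """Return (url, state) for the authorisation request (hypothetical helper).

    urlencode() percent-encodes each value, so the ':' and '/' inside
    redirect_uri and scope cannot be read as part of the outer URL.
    """
    if state is None:
        # Unpredictable per-request value rather than a fixed string.
        state = secrets.token_urlsafe(32)
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": SCOPE,
        "state": state,
    }
    return f"{AUTHORISE_ENDPOINT}?{urlencode(params)}", state


def parse_callback(callback_url, expected_state):
    """Return the authorisation code from the redirect, or raise ValueError.

    The state check is the CSRF protection of RFC 6749 section 10.12; an
    'error' parameter from the server is surfaced instead of ignored.
    """
    query = parse_qs(urlsplit(callback_url).query)
    returned_state = query.get("state", [""])[0]
    # Compare as bytes in constant time; bytes also accept non-ASCII input.
    if not hmac.compare_digest(returned_state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: discard this callback")
    if "error" in query:
        raise ValueError(f"authorisation error: {query['error'][0]}")
    code = query.get("code", [""])[0]
    if not code:
        raise ValueError("callback carries no authorisation code")
    return code


if __name__ == "__main__":
    print(build_authorise_url()[0])
```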