I’ve got the same issue. I had all of this working 9-12 months ago and I’ve come back to it, having had my applications removed. I’ve created new apps and with the same code, the authorise secures a redirect url, but that simply shows a Page Not Found error.
So, what’s changed? Can I provide my client and timestamp details to verify what the back-end issue is?
Our redirect URI also had to match exactly, character for character, with what was registered.
The other issue on our side was callback handling. After CH redirected back to us, our app was rejecting the callback because of CSRF/session assumptions on a cross-site OAuth return. We fixed that by allowing the GET callback through and validating with the OAuth state nonce instead.
So the practical checks I’d suggest are:
Confirm you are using the sandbox identity host for both authorise and token if this is a sandbox app.
Confirm the redirect URI is an exact match to the one registered.
Confirm the requested scope is valid for the app.
Log the full generated authorise URL and the raw callback query string.
Check whether your own app is blocking the callback before token exchange.
In our case, once we corrected the sandbox endpoints and fixed callback validation, the flow started working again.
If you want to ask CH to check logs, I’d definitely send them your client ID, exact UTC timestamp, full authorise URL parameters excluding secrets, and the exact redirect URI used
When testing the Auth Flow, how do you then login when your redirected to Companies house though as the companies house dev hub login credentials don’t work.
Sorry responding here is tedious… i keep getting stopped for using words… apologies, i would like to help you but have to edit every line because i cannot use some word or another…