The OAuth2 process is not redirecting back to our application after authorization


We have a heavy API integration using the PHP SDK. On multiple different servers, the OAuth2 process is not redirecting the user back after authenticating as of this afternoon. Nothing has been changed on our end. The redirectUri parameter is present in the URL using the getAuthorizationUrl() method , but when a user authenticates, they are simply directed back to the Infusionsoft dashboard, not our server. The code and session token does not get passed back after logging in. This is causing massive disruptions in business and service for us.

The below code is used to set up the Infusionsoft instance, and has been working flawlessly for over 2 years. Can someone please assist me with this?

$_SESSION['initial_url'] = $_SESSION['initial_url'] ?? '/reports/internal-form.php';
$_SESSION['initial_url'] = ($_SESSION['initial_url'] !== '/reports/index.php') ? $_SESSION['initial_url'] : '/reports/internal-form.php';

// Make sure it's not set to index.php to avoid redirect loop.

require_once 'vendor/autoload.php';
require_once 'env.php';

$infusionsoft = new \Infusionsoft\Infusionsoft(array(
    'clientId' => CLIENT_ID,
    'clientSecret' => CLIENT_SECRET,
    'redirectUri' => 'https://' . $_SERVER['HTTP_HOST'] . '/reports/index.php',

// If we are returning from Infusionsoft we need to exchange the code for an
// access token.
if (isset($_GET['code']) && !$infusionsoft->getToken()) {
    $_SESSION['token'] = serialize($infusionsoft->requestAccessToken($_GET['code']));

// If the serialized token is available in the session storage, we tell the SDK
// to use that token for subsequent requests.
if (isset($_SESSION['token'])) {
    //     header('Location: https://' . $_SERVER['HTTP_HOST'] . '/reports/coaching.php');

if ($infusionsoft->getToken()) {
    // Save the serialized token to the current session for subsequent requests
    $_SESSION['token'] = serialize($infusionsoft->getToken());
    header("Location: https://{$_SERVER['HTTP_HOST']}{$_SESSION['initial_url']}");

Thank you in advance for your help.

Christain, this appears to have been an issue with one of our teams rotating secrets due to this CircleCI security notification. It should be working properly now.

Thank you Tom - it looks like everything is back up and running on our end. Very glad to see this resolved.