I try setup a custom app (https://openai.com/index/introducing-apps-in-chatgpt/) with an MCP server in the back. That MCP server uses Oauth authentication.
Going through the setup flow leads to an “unsafe_url error“ (See screenshot) that I cannot explain without further logs.
Any idea what might be going wrong?
Got same error here for MCP server with OAuth setup.
I wonder if there’s any check on the domain name the MCP server address and OAuth urls.
Hi @ike.braun and @dooodle
Did you find a solution for that problem or the cause?
We are having the same issue when trying to submit our new app using appsdk
Thank you!
The “unsafe_url” error happens when the OAuth redirect URI doesn’t exactly match what’s registered in your OpenAI app or fails security checks (e.g., non-HTTPS, localhost without a tunnel, or mismatched domain/port/path). To fix it, ensure the redirect URL is identical to the registered one, use HTTPS (ngrok for local testing), and make sure your MCP server doesn’t modify the URL in transit. This alignment should resolve the error and allow the OAuth flow to complete.
