Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Next challenges

Recent achievements

  • Global
  • Personal


  • Give kudos
  • Received
  • Given


  • Global

Trophy case

Kudos (beta program)

Kudos logo

You've been invited into the Kudos (beta program) private group. Chat with others in the program, or give feedback to Atlassian.

View group

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Am getting an error "invalid return_url" when using the client.js Trello.authorize method

Am using the client.js by including it in html with the API_KEY.

And calling as below

var authenticationSuccess = function() {
console.log('Successful authentication' + Trello.token());

var authenticationFailure = function() {
console.log('Failed authentication');
type: 'popup',
name: 'Getting Started Application',
scope: {
read: 'true',
write: 'true' },
expiration: 'never',
success: authenticationSuccess,
error: authenticationFailure


Then i see a page with invalid return_url.

1 answer

I had the same problem.  You have add your ORIGIN (the location of the file that calls the Trello.authorize() to the list of "Allowed Origins" on .  After I included my origin, I no longer got the "Invalid return_url" response, and it returned the desired token.

Source of confusion:  The comments under "Allowed Origins" on refer to sites that "your application is allowed to redirect back to following the authorization flow."  That was a bit confusing to me.  The list should include sites you want to redirect back to IN ADDITION TO the sites you are calling Trello.authorize() from.

If you are thinking "I don't need a redirect" (and, in fact, I don't believe you can set a return_url when using client.js since you'll want your page to continue to render), then those comments under "Allowed Origins" could lead you to believe you don't need to specify anything there.  That would be incorrect.

Summary:  Even if you want NO post-authorization re-direct, you still have to list an ORIGIN.

A few other comments...
- Wildcards as Allowed Origins didn't work for me.
- You cannot specify file:// in Allowed Origins, so you cannot run your javascript off a local file.
- Specifying a return_url works if you call the URL (like<YOUR KEY>&return_urli=<YOUR RETURN_URL>... ) yourself.  If you use client.js to generate the URL, you aren't able to specify a return url.
- If you want to reset things to experiment more, just revoking access on<YOUR_NAME>/account doesn't clear the cache.  You also need to clear stored data for your original site by clearly it on (for Chrome) chrome://settings/siteData?search=cookies .

If I'm working locally in firefox (ubuntu 20.04) in a simple .html file. What should I put in the Origin field ? localhost? or what? Please help.

Suggest an answer

Log in or Sign up to answer
Community showcase
Published in Trello

📹 What is Trello?

Hello Community!  My name is Brittany Joiner and I am a Trello enthusiast and Atlassian Community Leader. I'll be sharing with you a series of videos with my top tips on how to best use Trello...

210 views 7 13
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you