Reputation: 23577
I am trying to consume Google OAuth v2. I go into my API console and set up the following 2 redirect URIs...
http://localhost:3000/auth/authenticate
http://localhost:3000/auth/google/getToken
When I run the following...
curl -d "code=<removed>&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fauth%2Fgoogle%2fgetToken&client_id=<removed>&client_secret=<removed>&grant_type=authorization_code" -X POST https://accounts.google.com/o/oauth2/token
everything works great, however,
curl -d "code=<removed>&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fauth%2Fauthenticate&client_id=<removed>&client_secret=<removed>&grant_type=authorization_code" -X POST https://accounts.google.com/o/oauth2/token
fails saying...
"error" : "redirect_uri_mismatch"
I did just change this; is there a propagation time frame? How do I get both URIs to work?
Upvotes: 3
Views: 5641
Reputation: 11898
Just in case you're using the Google+ JavaScript button, you have to put postmessage instead of the actual URI. It took me almost a whole day to figure this out, because the Google docs don't clearly state it for some reason.
Upvotes: 2
Reputation: 806
As described here, the second time you send redirect_uri you send it for validation (they need to match), and this is not an arbitrary value. You need to pass the same value for redirect_uri when requesting the access token as the value of redirect_uri to which you asked the user to be redirected after authorization. Otherwise Google (or any other provider) will generate an error message.
Upvotes: 8
Reputation: 11692
An app can have multiple redirect_uri values. However, the same redirect_uri that is used in the initial authorization request (where the user is redirected) needs to be used in the token request. Changing URIs on a single authorization will fail with that error.
Upvotes: 1
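The rule the answers describe, as an added example that is not part of the original posts: a toy in-memory authorization server that binds each authorization code to the redirect_uri it was issued for and compares it again at the token step. `ToyAuthServer`, its method names and the `invalid_grant` reply for an unknown code are assumptions for illustration, not Google's implementation; the two URIs and the `redirect_uri_mismatch` error come from the question.

```python
import secrets

# Constructed sample data: the two redirect URIs registered in the question.
GET_TOKEN = "http://localhost:3000/auth/google/getToken"
AUTHENTICATE = "http://localhost:3000/auth/authenticate"


class ToyAuthServer:
    """Hypothetical in-memory model of the redirect_uri checks (not Google's code)."""
    def __init__(self, registered):
        self.registered = set(registered)
        self.codes = {}  # authorization code -> redirect_uri it was issued for

    def authorize(self, redirect_uri):
        # Authorization request: the URI must be one of the registered values.
        if redirect_uri not in self.registered:
            return {"error": "redirect_uri_mismatch"}
        code = secrets.token_urlsafe(16)
        self.codes[code] = redirect_uri  # bind the code to this exact URI
        return {"code": code}

    def token(self, code, redirect_uri):
        # Token request: a code is single use in this model, so pop it.
        bound = self.codes.pop(code, None)
        if bound is None:
            return {"error": "invalid_grant"}  # assumed reply for unknown code
        # Being registered is not enough: it must equal the URI bound above.
        if redirect_uri != bound:
            return {"error": "redirect_uri_mismatch"}
        return {"access_token": secrets.token_urlsafe(24), "token_type": "Bearer"}


def run_flows():
    server = ToyAuthServer({GET_TOKEN, AUTHENTICATE})
    results = {}
    # Flow 1: authorize and redeem with getToken (the curl call that worked).
    code = server.authorize(GET_TOKEN)["code"]
    results["same_uri"] = server.token(code, GET_TOKEN)
    # Flow 2: authorize with getToken, redeem with authenticate (the mismatch).
    code = server.authorize(GET_TOKEN)["code"]
    results["switched_uri"] = server.token(code, AUTHENTICATE)
    # Flow 3: the second URI works when used in both steps of its own flow.
    code = server.authorize(AUTHENTICATE)["code"]
    results["second_uri"] = server.token(code, AUTHENTICATE)
    return results


if __name__ == "__main__":
    for name, reply in run_flows().items():
        print(name, "->", reply.get("error", "token issued"))
```
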