Reputation:
Why do we need to specify redirect uri two times while using Oauth2
I was wondering why we need to specify the redirect uri both in our code and in google developer console when using Oauth2.I was following this tutorial http://www.tothenew.com/blog/grails-way-of-oauth-2-0-to-access-google-apis-part-1/.
Upvotes: 2
Views: 777
Answers (2)
Reputation: 53928
The client may register multiple redirect_uri's with the Authorization Server (i.e. Google) and sending the redirect_uri in the request itself is to let the Authorization Sever know on which one of the registered redirect_uri's the client wants to receive the authorization response.
The redirect_uri parameter is optional by spec: if there's only one registered, then the redirect_uri parameter may be omitted from the request.
Upvotes: 2
Reputation: 521194
The only redirect URI which really matters is the one which you enter into your Google Developer Console. This redirect URI is what Google will use to reconnect with your web application after it has either approved or rejected your authorization attempt.
The reason you are also specifying this redirect URL in your code is to ensure that your application can correctly recognize the incoming redirect request.
Upvotes: 1
Related Questions
- What is the point of redirect_uri for the Google get token call?
- OAuth2: why do I need to validate redirect uri
- What is the purpose of redirect_uri parameter when exchanging code for access token
- Google OAuth 2 is generating redirect_uri instead of using one defined in client_secret.json
- Why google-oauth API requires redirect-url?
- Google OAuth2 Redirect URL Issues
- How to understand the Google Redirect URI correctly?
- google Oauth2.0 authenticate - not continue to redirect_uri
- Confusion with redirect_uri in OAuth 2.0
- OAuth2: Why do we need redirect URI for user agent