TahirRauf

Reputation: 88

Google Api 'Exchange authorization code' returning Unauthorized

I am trying to get an authentication token from the Google API, following the steps of this tutorial: https://developers.google.com/identity/protocols/OAuth2WebServer#exchange-authorization-code

I am sending an HTTP POST request to the API as described in step 5 of the above tutorial. Following is my code:

    using System.Collections.Generic;
    using System.Net.Http;
    using System.Net.Http.Headers;

    // Form fields for the token request (step 5 of the tutorial).
    List<KeyValuePair<string, string>> postData = new List<KeyValuePair<string, string>>();
    postData.Add(new KeyValuePair<string, string>("code", code));
    postData.Add(new KeyValuePair<string, string>("client_id", "XXX"));
    postData.Add(new KeyValuePair<string, string>("client_secret", "XXX"));
    postData.Add(new KeyValuePair<string, string>("redirect_uri", "XXX"));
    postData.Add(new KeyValuePair<string, string>("grant_type", "authorization_code"));

    using (var httpClient = new HttpClient())
    {
        httpClient.DefaultRequestHeaders.Accept.Clear();
        // Content-Type is a content header, so it is set on the content below
        // rather than on DefaultRequestHeaders.
        using (var content = new FormUrlEncodedContent(postData))
        {
            content.Headers.Clear();
            content.Headers.ContentType = new MediaTypeHeaderValue("application/x-www-form-urlencoded");
            HttpResponseMessage response = await httpClient.PostAsync("https://www.googleapis.com/oauth2/v4/token", content);

            if (response.IsSuccessStatusCode)
            {
                // Read and parse the JSON token response.
                string res = await response.Content.ReadAsStringAsync();
                var obj = Newtonsoft.Json.JsonConvert.DeserializeObject<dynamic>(res);
            }
        }
    }

It is returning me a 401 'Unauthorized' response.

    {StatusCode: 401, ReasonPhrase: 'Unauthorized', Version: 1.1, Content: System.Net.Http.NoWriteNoSeekStreamContent, Headers:
    {
      Cache-Control: max-age=0, private
      Date: Fri, 20 Apr 2018 13:11:01 GMT
      Transfer-Encoding: chunked
      Accept-Ranges: none
      Server: GSE
      Vary: X-Origin
      Vary: Origin
      Vary: Accept-Encoding
      WWW-Authenticate: Bearer realm="https://accounts.google.com/"
      X-Content-Type-Options: nosniff
      X-Frame-Options: SAMEORIGIN
      X-XSS-Protection: 1; mode=block
      Alt-Svc: hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
      Content-Type: application/json; charset=UTF-8
      Expires: Fri, 20 Apr 2018 13:11:01 GMT
    }}

Following is the header of post request:

    POST /oauth2/v4/token HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    x-ms-request-root-id: 60d8427e-4efe61d8a3b25e96
    x-ms-request-id: |60d8427e-4efe61d8a3b25e96.1.
    Request-Id: |60d8427e-4efe61d8a3b25e96.1.1.
    Content-Length: 322
    Host: www.googleapis.com

I am sending this request from my app at http://localhost:1083 and I have added this URL to the Authorized URLs as well. I know it's a slightly ambiguous error message, but I am tired of hit and trial and am stuck here. I am using .NET Core 2. I even tried to hit "http://www.googleapis.com/oauth2/v4/token" (without SSL) and then it returns a 403 Forbidden error.

Upvotes: 1

Views: 1049

Answers (1)

TahirRauf

Reputation: 88

After banging my head against the wall for 6 hours, I resolved the following problems one by one:

  1. I was using a different client_id in the request of step 5 of the article. I had to use the same client_id as I used in step 2.

  2. The consent screen was still using the wrong client_id. I had to clear the cache.

  3. We have to use the same redirect_uri in step 5 of the article that we used in step 2. This was the most important problem. I kept getting 'redirect_uri_mismatch' due to this issue.

Hope it helps somebody.

Upvotes: 1
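
The following is an added example illustrating points 1 and 3 of the answer; it is not code from the original post. It compares the `client_id` and `redirect_uri` in the step 2 authorization URL with the fields of the step 5 token request and reports any difference. The class name, method names and sample values are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

public static class OAuthParamCheck
{
    // Parameters that step 5 must repeat exactly as step 2 sent them.
    static readonly string[] MustMatch = { "client_id", "redirect_uri" };

    // Decode the query string of the step 2 authorization URL into name/value pairs.
    public static Dictionary<string, string> ParseQuery(string url)
    {
        return new Uri(url).Query.TrimStart('?')
            .Split(new[] { '&' }, StringSplitOptions.RemoveEmptyEntries)
            .Select(p => p.Split(new[] { '=' }, 2))
            .ToDictionary(kv => Uri.UnescapeDataString(kv[0]),
                          kv => kv.Length > 1 ? Uri.UnescapeDataString(kv[1].Replace('+', ' ')) : "");
    }

    // One message per differing parameter. The comparison is ordinal because the values
    // must be identical strings (scheme, host, port, path, case, trailing slash).
    public static List<string> FindMismatches(string authUrl, IEnumerable<KeyValuePair<string, string>> tokenFields)
    {
        var auth = ParseQuery(authUrl);
        var token = tokenFields.ToDictionary(kv => kv.Key, kv => kv.Value);
        var problems = new List<string>();
        foreach (var name in MustMatch)
        {
            string a, t;
            auth.TryGetValue(name, out a);
            token.TryGetValue(name, out t);
            if (a == null || t == null || !string.Equals(a, t, StringComparison.Ordinal))
                problems.Add(name + ": step 2 sent '" + (a ?? "(missing)")
                    + "', step 5 sends '" + (t ?? "(missing)") + "'");
        }
        return problems;
    }

    public static void Main()
    {
        // Constructed sample values (not from the original post): both fields differ.
        var authUrl = "https://accounts.google.com/o/oauth2/v2/auth?response_type=code"
            + "&client_id=client-a.example"
            + "&redirect_uri=" + Uri.EscapeDataString("http://localhost:1083/signin");
        var postData = new List<KeyValuePair<string, string>>
        {
            new KeyValuePair<string, string>("client_id", "client-b.example"),
            new KeyValuePair<string, string>("redirect_uri", "http://localhost:1083/signin/"),
        };
        FindMismatches(authUrl, postData).ForEach(Console.WriteLine);
    }
}
```

With the sample values, both parameters are reported: the client IDs differ, and the second redirect URI has a trailing slash that the first lacks.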
