Reputation: 1
As the title suggests, I am getting "redirect_uri_mismatch" when trying to exchange an authorization code for an access token in the Google API (this is the offline_access flow). However, the strange thing is that the exact same code with the same parameters works in one environment (staging) and doesn't work in another one (production). Logging shows that the bodies of the requests are exactly the same (except the authorization code, obviously). The body is as follows:
{
  "client_id": "*client id*",
  "client_secret": "*client secret*",
  "code": "*authorization code*",
  "grant_type": "authorization_code",
  "redirect_uri": "*front-end url, registered in Google cloud console*"
}
Upvotes: 0
Views: 389
Reputation: 81414
The redirect_uri is the location that the user will be redirected to after authorization.
The redirect_uri is where you are passed the code in the GET query parameters. @DalmTo describes this better as "redirect_uri is the location that the Authorization code is returned to it should be the code that can handle the authorization code exchange."
The redirect_uri must match one of the values stored in the Google Cloud API Console. This is a security measure to prevent someone from forging an authorization request that redirected the user to a different server. The code is the secret that is exchanged for OAuth 2 tokens.
The solution is to log in to the Google Cloud API console and add the redirect_uri for your production environment OR use the correct value in your request body that is already stored in the API Console.
Upvotes: 1
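A way to debug the staging-versus-production case from this thread, as an added example that is not code from the question or the answer: it compares the redirect_uri a request sends against the registered values and names the component that differs. It assumes the comparison is an exact string match; the URIs in REGISTERED and the function names are constructed for illustration.

```python
import difflib
from urllib.parse import urlsplit

# Constructed sample values standing in for the URIs registered for the OAuth client.
REGISTERED = [
    "https://staging.example.com/oauth/callback",
    "https://app.example.com/oauth/callback",
]


def explain_mismatch(sent, registered):
    """Name the URI components in which `sent` differs from one registered value."""
    a, b = urlsplit(sent), urlsplit(registered)
    diffs = []
    for name in ("scheme", "hostname", "port", "query"):
        x, y = getattr(a, name), getattr(b, name)
        if x != y:
            diffs.append(f"{name}: {x!r} vs {y!r}")
    if a.path != b.path:
        slash_only = a.path.rstrip("/") == b.path.rstrip("/")
        diffs.append(f"path: {a.path!r} vs {b.path!r}"
                     + (" (trailing slash only)" if slash_only else ""))
    if not diffs and sent != registered:
        diffs.append("components equal after parsing; raw strings differ (e.g. letter case)")
    return diffs


def check_redirect_uri(sent, registered_uris):
    """Exact string comparison; on a miss, report the nearest registered URI and why."""
    if sent in registered_uris:
        return {"match": True, "closest": sent, "diffs": []}
    nearest = difflib.get_close_matches(sent, registered_uris, n=1, cutoff=0.0)
    if not nearest:
        return {"match": False, "closest": None, "diffs": ["no redirect URIs registered"]}
    return {"match": False, "closest": nearest[0],
            "diffs": explain_mismatch(sent, nearest[0])}


if __name__ == "__main__":
    for uri in ("https://app.example.com/oauth/callback",
                "https://app.example.com/oauth/callback/",
                "http://app.example.com/oauth/callback"):
        print(uri, "->", check_redirect_uri(uri, REGISTERED))
```

Run it with the redirect_uri value taken from each environment's logged request body, so a difference that is hard to spot by eye (scheme, host, trailing slash) is reported explicitly.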