Reputation: 79
There was a recent update to the Google Cloud Platform OAuth service enforcing strict usage of HTTPS for all redirect URIs. However, localhost URLs should be exempt, and those are allowed to use HTTP. More generally, the rules for validation are here.
I have since made updates for some of my company's internal Node web apps to comply with the new OAuth changes, and they work perfectly when deployed.
My issue is with local development (on http://localhost:4000). Whenever I try to sign in via Google on my localhost, I get a vague 400 invalid_request error saying my app does not comply with the security validation rules (already referenced). They also hyperlinked me to a section in their docs about security and HTTPS. I strongly believe that my redirect_uri meets their security standards (http://localhost:4000/login/google/callback). I am also absolutely sure I have it correctly on the Google console credentials section (any mismatch would be a redirect_uri_mismatch error anyways). Please tell me if I'm missing something here. I use the 'passport-next/passport-google-oauth2' middleware package, and again, there are no problems when the app is deployed.
I've also noticed recently a couple other people on here with similar unresolved issues:
Upvotes: 7
Views: 12043
Reputation: 116868
Apps that are in production may not have localhost redirect URIs.
Either switch it back to test or use another project that is in test. The following redirect URI is invalid for a project that is in production:
http://localhost:4000
Upvotes: 4