Reputation: 351
I'm implementing social login on my website. I was able to implement the "One tap" flow, but I need to have an alternative to handle the "cooldown" which prevents the popup from appearing, if the user blocked it or closed it. So I followed the "Authorization" flow on Google documentation. Until yesterday morning everything was working fine and I successfully exchanged the code with a token by calling https://oauth2.googleapis.com/token or https://accounts.google.com/o/oauth2/token, sending secret and everything. In a first instance I used Postman, then I made a sample code in a Spring project, before preparing the final code in another Spring project.
The first run in the final project I started getting a 400 error, with the redirect_uri_mismatch error key.
And then I was never able to do the exchange anymore, I get the same error from Postman as well.
The config is correct (It never changed from when it was working).
How can I solve this??
Here's some code
FRONTEND
    this.client = google.accounts.oauth2.initCodeClient({
        client_id: this.clientId,
        scope: "openid profile email",
        ux_mode: "popup",
        redirect_uri: this.redirectUri,
        callback: (response) => {
            debugger;
            this.submitFakeForm({
                clientId: this.clientId,
                code: response.code
            });
        }
    });
    this.client.requestCode();
POSTMAN PARAMS
this.redirectUri is identical to the one passed here and set up on Google credentials
FOR THE MOST SKEPTICAL, THE AUTHORIZED REDIRECTS :)
They're repeated in couples, because one is for local development, one is for the integration environment. And of course the production config is on another credential.
Upvotes: 2
Views: 1490
Reputation: 351
Nowhere in the docs is this, but I came across this answer here on Stack Overflow and it's basically suggesting not to pass the real redirect_uri, but to use a fixed string postmessage.
I want to point out again that I was using the real redirect_uri yesterday and it worked.
I will do some tests again in the future and update here if something changes.
For now just know that using postmessage fixed the issue for me. Also I will be using https://oauth2.googleapis.com/token as endpoint, since it's the one mentioned in the (awful) docs, although https://accounts.google.com/o/oauth2/token works just as well.
Upvotes: 3
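The exchange described in the answer above, as an added example (not the poster's code): a Node 18+ server-side helper that builds the token request and sends postmessage as redirect_uri for popup-mode codes. The function names and the uxMode parameter are assumptions made for this example; the client secret is expected to stay on the server.

```javascript
// Added example, not from the original post. Requires Node 18+ (global fetch).
const TOKEN_ENDPOINT = "https://oauth2.googleapis.com/token";

// Assumption taken from the answer above: a code issued to a popup-mode
// initCodeClient is redeemed with the fixed string "postmessage".
function redirectUriFor(uxMode, registeredRedirectUri) {
  if (uxMode === "popup") return "postmessage";
  if (!registeredRedirectUri) throw new Error("redirect mode needs a registered redirect_uri");
  return registeredRedirectUri;
}

// Build the form-encoded POST for the authorization_code grant.
function buildTokenRequest({ code, clientId, clientSecret, uxMode, redirectUri }) {
  if (!code || !clientId || !clientSecret) {
    throw new Error("code, clientId and clientSecret are required");
  }
  const body = new URLSearchParams({
    grant_type: "authorization_code",
    code,
    client_id: clientId,
    client_secret: clientSecret,
    redirect_uri: redirectUriFor(uxMode, redirectUri),
  });
  return {
    url: TOKEN_ENDPOINT,
    init: {
      method: "POST",
      headers: { "Content-Type": "application/x-www-form-urlencoded" },
      body: body.toString(),
    },
  };
}

// Log-safe description of a failed exchange: never echoes the code or secret.
function describeTokenError(status, payload, sentRedirectUri) {
  const error = payload && payload.error ? payload.error : "unknown_error";
  if (status === 400 && error === "redirect_uri_mismatch") {
    return `redirect_uri_mismatch: sent redirect_uri="${sentRedirectUri}", which is not the value tied to this code`;
  }
  return `token exchange failed: HTTP ${status} ${error}`;
}

async function exchangeCode(params) {
  const { url, init } = buildTokenRequest(params);
  const res = await fetch(url, init);
  const payload = await res.json();
  if (res.ok) return payload; // token response from the endpoint
  const sent = new URLSearchParams(init.body).get("redirect_uri");
  throw new Error(describeTokenError(res.status, payload, sent));
}
```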