Bratyslav Morhunov

Reputation: 150

Android: Google OAuth 2.0 with App Links: redirect_uri_mismatch

My task is to set up Google OAuth 2.0 to obtain an authorization code (not a token) for later use. Enabling a custom URI scheme in Google Cloud Console is not recommended. So, to do that, I'm using App Links.

The problem is that I get a redirect_uri_mismatch exception.

What I did:

Added https://example.com/.well-known/assetlinks.json with my debug fingerprint:

[{
  "relation": ["delegate_permission/common.handle_all_urls"],
  "target": {
    "namespace": "android_app",
    "package_name": "com.mypackage.app",
    "sha256_cert_fingerprints":
    ["FB:34:15:34:8F:6B:[...]"]
  }
}]

Added intent filter:

<intent-filter android:autoVerify="true">
    <action android:name="android.intent.action.VIEW" />
    <category android:name="android.intent.category.DEFAULT" />
    <category android:name="android.intent.category.BROWSABLE" />

    <data android:scheme="http" />
    <data android:scheme="https" />
    <data android:host="example.com" />
</intent-filter>

Used AppAuth-Android to create request:

    val serviceConfiguration = AuthorizationServiceConfiguration(
        Uri.parse("https://accounts.google.com/o/oauth2/v2/auth"),  // Authorization endpoint
        Uri.parse("https://www.googleapis.com/oauth2/v4/token")     // Token endpoint
    )

    val redirect = "https://example.com"

    val authRequestBuilder = AuthorizationRequest.Builder(
        serviceConfiguration,  // the authorization service configuration
        GOOGLE_CLIENT_ID,  // the client ID
        ResponseTypeValues.CODE,  // the response_type value: we want a code
        Uri.parse(redirect)) // the redirect URI to which the auth response is sent

    val authRequest = authRequestBuilder
        .setScope("openid email profile")
        .setState(state)
        .build()

    val authService = AuthorizationService(this)

    // An Intent that will handle the redirect result
    val redirectIntent = Intent(this, SignUpActivity::class.java)
        .setAction(redirect)

    authService.performAuthorizationRequest(
        authRequest,
        PendingIntent.getActivity(this, 0, redirectIntent, PendingIntent.FLAG_IMMUTABLE)
    )

I also tested the App Link as the Android docs say, and it shows that the App Link works (it redirects me directly and immediately to my app):

adb shell am start -a android.intent.action.VIEW \
-c android.intent.category.BROWSABLE \
-d "http://example.com"

In Google Cloud Console, my Client ID for Android page looks like this (and I'm not sure what to do here): [image]

Can you help me find the root of the problem, please?

Upvotes: 1

Views: 95

Answers (2)

akdombrowski

Reputation: 1140

EDIT: Google deprecated the Sign-In for Android library and now recommends using Credential Manager and Authorization Client. See @ade19's response.

---Don't use below---

With the custom URI scheme disabled for an Android OAuth client (as recommended and as you should due to the security risks), Google's alternative is to use their SDK:

Use the Google Sign-In for Android SDK which delivers the OAuth 2.0 response directly to your app, eliminating the need for a redirect URI.

https://developers.google.com/identity/protocols/oauth2/native-app#alternative-to-using-custom-uri-schemes-on-android

Upvotes: 0

ade19

Reputation: 1200

You should use the Credential Manager API for authentication and the Authorization Client API for authorization requests (Migration Guide).

If you are making authorization requests and using the Authorization Client API, you can get the auth code by calling the getServerAuthCode() method of the AuthorizationResult.

This is the recommended approach that does not require specifying a redirect URI.

Upvotes: 2
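
The flow described in the answer above, written out as an added example (not code from either answerer or from Google's samples): it requests a server auth code through the Play services Authorization Client, so no redirect URI or App Link is involved. `SERVER_CLIENT_ID`, `REQ_AUTHORIZE` and `onServerAuthCode` are hypothetical names, the client ID is a placeholder, and the scopes are the ones from the question.

```kotlin
import android.app.Activity
import android.content.Intent
import android.util.Log
import com.google.android.gms.auth.api.identity.AuthorizationRequest
import com.google.android.gms.auth.api.identity.Identity
import com.google.android.gms.common.api.Scope

// Placeholder (assumption): OAuth client ID of the backend that will exchange the code.
private const val SERVER_CLIENT_ID = "YOUR_SERVER_CLIENT_ID.apps.googleusercontent.com"
private const val REQ_AUTHORIZE = 1001 // arbitrary request code (hypothetical)
private const val TAG = "ServerAuthCode"
class SignUpActivity : Activity() {
    // Hypothetical hook: forward the code to your backend over TLS; never log its value.
    private fun onServerAuthCode(code: String?) {
        if (code == null) Log.w(TAG, "No server auth code returned")
        else Log.d(TAG, "Received server auth code")
    }
    fun requestServerAuthCode() {
        // Play services AuthorizationRequest, not AppAuth's class of the same name.
        val request = AuthorizationRequest.builder()
            .setRequestedScopes(listOf(Scope("openid"), Scope("email"), Scope("profile")))
            .requestOfflineAccess(SERVER_CLIENT_ID) // ask for a server auth code
            .build()
        Identity.getAuthorizationClient(this)
            .authorize(request)
            .addOnSuccessListener { result ->
                if (result.hasResolution()) {
                    // Consent is still needed: launch Google's consent UI.
                    runCatching {
                        startIntentSenderForResult(
                            result.pendingIntent!!.intentSender, REQ_AUTHORIZE, null, 0, 0, 0, null)
                    }.onFailure { Log.e(TAG, "Could not start authorization UI", it) }
                } else {
                    onServerAuthCode(result.serverAuthCode) // access was already granted
                }
            }
            .addOnFailureListener { e -> Log.e(TAG, "Authorization failed", e) }
    }

    override fun onActivityResult(requestCode: Int, resultCode: Int, data: Intent?) {
        super.onActivityResult(requestCode, resultCode, data)
        if (requestCode != REQ_AUTHORIZE || resultCode != RESULT_OK) return
        runCatching {
            Identity.getAuthorizationClient(this).getAuthorizationResultFromIntent(data)
        }.onSuccess { onServerAuthCode(it.serverAuthCode) }
            .onFailure { Log.e(TAG, "Could not read authorization result", it) }
    }
}
```

The auth code is a one-time credential: hand it straight to the backend for the token exchange and keep it out of logs and local storage.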
