Login/Register
localhost redirect_uri does not work for Google Oauth2 (results in 400: invalid_request error)
Asked Answered
google-oauthpassport-google-oauth
C

1

7

There was a recent update to the Google Cloud Platform oauth service enforcing strict usage of HTTPS for all redirect URIs. However, localhost urls should be exempt, and those are allowed to use http. More generally, the rules for validation are here.

I have since made updates for some of my company's internal Node web apps to comply with the new oauth changes, and they work perfectly when deployed.

My issue is with local development (on http://localhost:4000). Whenever I try to sign in via Google on my localhost, I get a vague 400 invalid_request error saying my app does not comply with the security validation rules (already referenced). They also hyperlinked me to a section in their docs about security and HTTPS. I strongly believe that my redirect_uri meets their security standards (http://localhost:4000/login/google/callback ). I am also absolutely sure I have it correctly on the Google console credentials section (any mismatch would be a redirect_uri_mismatch error anyways). Please tell me if I'm missing something here? I use the 'passport-next/passport-google-oauth2' middleware package, and again, there are no problems when the app is deployed.

I've also noticed recently a couple other people on here with similar unresolved issues:

  1. google oauth from localhost throws invalid request error (i don't fully understand the first answer/I don't understand how it's relevant)
  2. error 400 invalid request when using google oauth 2-0 in local (no answers)
Circumvent answered 17/11, 2021 at 16:48 Comment(3)
If your app is in production then you cant use localhost redirect uris. If you want to use localhost redirect uris you need to switch it back to testing.Cheer
my apps in production have separate production redirect uris... I don't understand what you mean @DaImToCircumvent
Solved here https://mcmap.net/q/362375/-testing-google-oauth-2-0-with-localhostBiggerstaff
C
3

Apps that are in production may not have localhost redirect uris.

Either switch it back to test or use another project that is in test. The following redirect uri is invalid for a project that is in production

http://localhost:4000

update docs as per comment request

Redirect URI validation rules

enter image description here

Cheer answered 17/11, 2021 at 17:39 Comment(3)
I see, this is an error with our app configurations on the Google Cloud Platform console, then. Will investigateCircumvent
do you mind linking to the source that says that Apps that are in production may not have localhost redirect URIs?.Haircut
Sure thing there you go. Very first point Scheme.Cheer

© 2022 - 2024 — McMap. All rights reserved.