Correct redirect URI for Google API and OAuth 2.0

I am making an application with the Google Maps API. I want to be able to have one person on a computer, watch what another person has edited to a map. I am thinking of passing information of the map to a Google Fusion Table. The other person will be able to see everything as a layer. I would like for the program to just run from the user's browser and not build a website for it.

To edit the fusion tables, I need to gain access/tokens. I am currently trying to use these three JavaScript files to accomplish this: ScriptSample.html, oauthWindow.html, and gwt-oauth2.js. This is the working example.

When I run them, I get an error that says the redirect URI is incorrect. It says the file I use to redirect does not have authority. My first obvious question is:

How do I give that file authority to redirect?

In my API console, I have it set up as a client-side web application. Should I change it to an installed application?

Currently I have the following settings:

  • my JavaScript origin is: https://localhost
  • redirect URI: https://localhost/oauthWindow.html

Thanks

Vander answered 4/7, 2012 at 14:21 Comment(5)
Are you seriously using a localhost-based callback URI? It means that the OAuth server should send the response to itself, which is meaningless. You should definitely use some URL accessible from the external network. - Individuate
Sorry, I was wrong, I have to correct myself. Callback URIs are used only to redirect your browser with the authorization result, thus a localhost-based callback URI could work in theory. On the other hand, it has serious security issues, making the whole callback URI checking method pointless. As a consequence, you still should provide an externally accessible callback. - Individuate
I have issues with this as well. For some super-strange reason Google has decided that my redirect URL, which is https://something, should be converted into http://something. This is horrible because my server has a strict requirement for SSL/HTTPS, no exceptions. - Twenty
@ZólyomiIstván redirecting to localhost is how Google recommends setting up the OAuth flow for installed apps. In Google's own OAuth2 library for Python, this is how they implement their "flow_from_client_secrets()" method in their tools.py module. - Teodora
There seem to be many misunderstandings here. Using a loopback 127.0.0.1 address is common practice for desktop apps integrating using OAuth. Obviously, the OAuth backend server will not communicate with this IP address, but the web browser will, using client-side scripting. Meaning, on a computer, someone runs a desktop app that launches a web browser pointing to something like some-oauth-login-page?redirect_uri=http://127.0.0.1:4444. This displays the UI to log in, and after logging in, the browser will redirect to 127.0.0.1:4444 and pass along an activation code or similar. - Recluse

There's no problem with using a localhost url for Dev work - obviously it needs to be changed when it comes to production.

You need to go here: https://developers.google.com/accounts/docs/OAuth2 and then follow the link for the API Console - link's in the Basic Steps section. When you've filled out the new application form you'll be asked to provide a redirect Url. Put in the page you want to go to once access has been granted.

When forming the Google oAuth Url - you need to include the redirect url - it has to be an exact match or you'll have problems. It also needs to be UrlEncoded.

Baronet answered 11/12, 2012 at 15:45 Comment(3)
So if I want to redirect to a page hosted locally, say localhost:9090/index.html, do I give this exact URL? - Calia
Then why do I need to add http://localhost:8080/oauth2/callback/google, and I want to go to http://localhost:3000/home, then what is redirectUri:..... in the Spring Boot application.yml file? - Hols
Why wouldn't you use a loopback address for prod? There seems to be some misunderstanding here. A desktop app using Google OAuth would typically set up an HTTP listener on a port, then invoke Google's OAuth web page in a web browser, and await the redirect URI to be invoked on the local HTTP listener. This works well in prod, and is what Google recommends. - Recluse
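
The exact-match and URL-encoding requirements from the answer above, as an added example that is not part of the original thread. The authorization endpoint is Google's OAuth 2.0 endpoint (not quoted on this page); the client ID and scope are placeholders, the function names are hypothetical, and the registered list mirrors the console settings given in the question.

```javascript
// Added example, not from the original thread. Function names are hypothetical.
const AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth";

// Redirect URIs as registered in the API console (value taken from the question).
const REGISTERED_REDIRECT_URIS = ["https://localhost/oauthWindow.html"];

// Compare a candidate redirect URI with one registered URI and name every
// component that differs. The comparison that matters is the exact string
// match, so any entry in the returned list means the request will be rejected.
function diffRedirectUri(registered, candidate) {
  if (registered === candidate) return [];
  const a = new URL(registered);
  const b = new URL(candidate);
  const diffs = [];
  if (a.protocol !== b.protocol) diffs.push("scheme");
  if (a.hostname !== b.hostname) diffs.push("host");
  if (a.port !== b.port) diffs.push("port");
  if (a.pathname !== b.pathname) diffs.push("path");
  if (a.search !== b.search) diffs.push("query");
  if (a.hash !== b.hash) diffs.push("fragment");
  // Strings differ although the parsed parts agree (letter case, default port).
  return diffs.length ? diffs : ["literal"];
}

// Build the authorization URL, refusing a redirect URI that is not registered.
function buildAuthUrl(clientId, redirectUri, scope, state) {
  if (!REGISTERED_REDIRECT_URIS.includes(redirectUri)) {
    const report = REGISTERED_REDIRECT_URIS
      .map((r) => `${r} (${diffRedirectUri(r, redirectUri).join(", ")})`)
      .join("; ");
    throw new Error(`redirect_uri is not registered; differs from ${report}`);
  }
  // URLSearchParams percent-encodes every value, including the redirect URI.
  const params = new URLSearchParams({
    client_id: clientId,
    redirect_uri: redirectUri,
    response_type: "token", // client-side (browser) flow, as in the question
    scope,
    state, // opaque value the page checks again when the redirect arrives
  });
  return `${AUTH_ENDPOINT}?${params}`;
}
```

Running `diffRedirectUri` against each registered value shows whether a rejected request differs in scheme, host, port or path, which covers the http/https and port cases raised in the comments.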
