redirect_uri_mismatch the redirect URI in the request does not match the ones authorized for the OAuth client
K

4

4

I have the following client secret:

{
  "web": {
    "client_id": "testid",
    "project_id": "testproj",
    "auth_uri": "https://accounts.google.com/o/oauth2/auth",
    "token_uri": "https://www.googleapis.com/oauth2/v3/token",
    "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
    "client_secret": "test-sec",
    "redirect_uris": [
      "https://localhost:8080/oauth2callback"
    ]
  }
}

and I am getting

"Error: redirect_uri_mismatch The redirect URI in the request, http://127.0.0.1:8414/authorize/, does not match the ones authorized for the OAuth client.

To update the authorized redirect URIs, visit:". Could you please suggest how to fix it?

I am using C#. I have created credentials with this:

// .Result blocks until the OAuth flow completes; FileDataStore caches the token response under .\AccessToken\
var credential = GoogleWebAuthorizationBroker.AuthorizeAsync(
    GoogleClientSecrets.Load(stream).Secrets,
    scopes,
    "user",
    CancellationToken.None,
    new FileDataStore(Directory.GetCurrentDirectory() + "\\AccessToken\\", true)).Result;

But the first time, it popped up with a login, and once I logged in, it created the Google.Apis.Auth.OAuth2.Responses.TokenResponse-user file in the folder. Is there a way to bypass the first-time login?

Thanks.

Karie answered 8/12, 2018 at 8:39 Comment(1)
Is the JSON you posted your Payload or the Response, and where are you getting the Error from? If the Error comes from the Server Response, please post the full Response. Also, just from the message I suspect that you have to change your redirect_uris to the ones you authorized as OAuth Callback, so you'd change https://localhost:8080/oauth2callback to http://127.0.0.1:8414/authorize/. Beaudette
B
5

When you are creating your credentials in https://console.developers.google.com:

Credentials

After clicking on Create credentials and choosing OAuth client ID:

Create credentials

Choose Other as Application type:

Create OAuth client ID.

You should have this format of credentials:

{
  "installed": {
    "client_id": "...",
    "project_id": "...",
    "auth_uri": "https://accounts.google.com/o/oauth2/auth",
    "token_uri": "https://oauth2.googleapis.com/token",
    "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
    "client_secret": "...",
    "redirect_uris": [
      "urn:ietf:wg:oauth:2.0:oob",
      "http://localhost"
    ]
  }
}

Now your OAuth2 link should work whatever the port in the redirection_uri parameter, http://localhost:8414 for example (with 8414 as a random port). And you no longer get this error:

Error: redirect_uri_mismatch The redirect URI in the request, http://localhost:8414/authorize/, does not match the ones authorized for the OAuth client.

Betancourt answered 18/8, 2019 at 0:30 Comment(1)
Thanks a lot, this answer fixed my issue. The key is to use "Other" for "Application Type". Soares
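Added example, not part of any answer on this page and not Google's code: a simplified Python model of why the "web" credential file from the question rejects http://127.0.0.1:8414/authorize/ while the "installed" file above accepts a loopback redirect on any port. The matching rules, the names check_redirect and is_loopback, and the sample data are assumptions made for illustration.

```python
import json
from urllib.parse import urlsplit

LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}

# Constructed samples mirroring the two credential files on this page.
WEB_SECRETS = json.loads("""{"web": {"client_id": "testid",
  "redirect_uris": ["https://localhost:8080/oauth2callback"]}}""")
INSTALLED_SECRETS = json.loads("""{"installed": {"client_id": "...",
  "redirect_uris": ["urn:ietf:wg:oauth:2.0:oob", "http://localhost"]}}""")


def is_loopback(uri):
    """True for an http URI whose host is a loopback name or address."""
    parts = urlsplit(uri)
    return parts.scheme == "http" and parts.hostname in LOOPBACK_HOSTS


def check_redirect(secrets, requested):
    """Return (allowed, reason) for a requested redirect_uri.

    Assumed model: "web" clients need an exact string match; "installed"
    clients accept any http loopback URI, whatever the port, provided a
    loopback URI is registered (the rule in RFC 8252 section 7.3).
    """
    client_type, config = next(iter(secrets.items()))
    registered = config.get("redirect_uris", [])
    if requested in registered:
        return True, "exact match"
    if client_type == "installed":
        if is_loopback(requested) and any(is_loopback(r) for r in registered):
            return True, "loopback redirect, port not compared"
        return False, "redirect_uri_mismatch: not a loopback URI"
    if not registered:
        return False, "redirect_uri_mismatch: no redirect URIs registered"
    # Web client: name the components that differ from the first registered URI.
    req, reg = urlsplit(requested), urlsplit(registered[0])
    diffs = [name for name in ("scheme", "hostname", "port", "path", "query")
             if getattr(req, name) != getattr(reg, name)]
    return False, "redirect_uri_mismatch: differs in " + ", ".join(diffs)


if __name__ == "__main__":
    for secrets in (WEB_SECRETS, INSTALLED_SECRETS):
        print(check_redirect(secrets, "http://127.0.0.1:8414/authorize/"))
```

The exact-match rule for web clients is what keeps an authorization code from being delivered to a URI the developer never registered, which is why the random port has to be handled by the client type rather than by a wildcard.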
E
5

I just ignored the port in the error message when adding as an Authorized redirect URL.

 http://127.0.0.1/authorize/
Ern answered 8/7, 2020 at 20:48 Comment(0)
F
1

The redirect URI is the URL where you want Google to return the authentication to. This should be the file that you have set up to handle the OAuth response.

When you created your project in Google Developer console you should have supplied a redirect URI to Google that states where you will be sending from and where you would like the response to be returned to.

"Error: redirect_uri_mismatch The redirect URI in the request, http://127.0.0.1:8414/authorize/, does not match the ones authorized for the OAuth client."

means that you are sending from http://127.0.0.1:8414/authorize/; however, this is not one of the redirect URIs that you have added in Google developer console. Go back to the developer console and add http://127.0.0.1:8414/authorize/ or http://localhost:8414/authorize/. You may or may not need the ending / as well.

Bypass Login

What you need to understand is that most of Google's API data is private user data. In order to access private user data you must have the consent of the user who owns it. We use OAuth2 to request consent from the user for our application to access their data. There is no way to bypass an OAuth2 consent.

Unfortunately there is no other way to access the YouTube API. If you want to access private user data you will always have to ask the user for consent at least once and then save the credentials as you are doing now using file data store.

Forewing answered 8/12, 2018 at 10:32 Comment(10)
Thank you for looking into this. Will this URL - 127.0.0.1:8414/authorize - be generic across all machines? Is there a generic way to specify a redirect URL? Do I need to regenerate credentials and secrets after this? Karie
It's the machine you are sending from, so locally when you're running it, it's localhost and whatever port you have set up. When you are hosting it on a website you will need to add that as the redirect URI. You can't make a generic URI; you need to add the ones you are using for your website. This is a security thing: you would never set the redirect URI to a generic address even if you could, which you can't. The client ID and secret remain the same; you are just setting up the address that is valid. Forewing
Thank you. Every time the port is changing. So although I am registering the redirect URI, with the next run it's a different port. Is there any solution for this? After registering the previous URL it threw - The redirect URI in the request, 127.0.0.1:2523/authorize, does not match the ones authorized for the OAuth client. Karie
I don't know what language you are using, but it is most likely the development application that you are using which is giving you a random port. Fix that and you will not be having any issues. Forewing
Thank you so much for helping. I think I have fixed the issue by just registering 127.0.0.1:/authorize and localhost/authorize as redirect URLs. Karie
I am using C#. I have created credentials with this - GoogleWebAuthorizationBroker.AuthorizeAsync( GoogleClientSecrets.Load(stream).Secrets, scopes, "user", CancellationToken.None, new FileDataStore(Directory.GetCurrentDirectory() + "\\AccessToken\\" , true)).Result; But the first time, it popped up with a login, and once I logged in, it created the Google.Apis.Auth.OAuth2.Responses.TokenResponse-user file in the folder. Is there a way to bypass the first-time login? Karie
This is OAuth2; you need a user's permission to access their data, so you will always have to have a user log in once. You can set up Visual Studio to use a static port. Please edit your question and put your code there, not in a comment. Forewing
Sure, thank you. Karie
In the future you should open a different question that isn't part of your current question about redirect URI. This way you will have two questions you may get points from. However, I have edited my answer to include it. Forewing
Sure. Thank you so much. Karie
C
0

If you're using container apps or web apps contained over Linux, refer to this answer. It could be caused by authentication redirecting to a provider handle that's not served over HTTPS. See the error for redirect_uri and if the link is over http, follow the same.

Corvin answered 7/2, 2022 at 19:54 Comment(0)
