Login/Register
How to add multiple redirect URIs for Google OAuth 2?
Asked Answered
Solved google-apigoogle-oauthhttp-redirectsocialauthsocial-authentication
B

2

28

I am trying to make Google OAuth 2 authentication work with a toy app I am running on my computer (at localhost:8080) using Social Auth for Java.

However when my app connects to Google to authenticate the user, Google responds with this error page:

enter image description here

My app, named "My Hobby App", is configured in the Developer Console as such:

enter image description here

In the Google OAuth 2 docs, it is specified that:

redirect_uri: One of the redirect_uri values listed for this project in the Developers Console.

Determines where the response is sent. The value of this parameter must exactly match one of the values listed for this project in the Google Developers Console (including the http or https scheme, case, and trailing '/').

I have a couple of questions:

  • How can I add multiple redirect_uris to my app?
  • Why is Google identifying my app as "Project Default Service Account" rather than "My Hobby App"?
Bascom answered 18/5, 2014 at 0:29 Comment(0)
T
36

It's actually easier than you think, unfortunately, it took me a couple of hours to figure it out.

How can I add multiple redirect_uris to my app?

Normally when you add multiple links to something on Google or elsewhere you separate it by , or ; but with Redirect URIs you have to use a new line, it's actually not very intuitive. So when you press the Edit Settings button, you can add to the URI and/or Origins if you have a couple more links, separated by newlines (enter).

No need for complicated app configurations or new keys.

image

Why is Google identifying my app as "Project Default Service Account" rather than "My Hobby App"?

On your second question: You have to go to the "Consent Screen" tab to change your app info such as your PRODUCT NAME, HOMEPAGE, LOGO, etc.

Tyrothricin answered 17/6, 2014 at 19:7 Comment(5)
Thanks, spent 20 minutes trying to get this working!Brimmer
This ought to be marked as the answer. Was looking for the multiple redirect uris for a bit. THANK!!! +1 from meSimonson
Just wondering if this answer still holds good. The console has an option of adding multiple URIs, but I dont see my second URI being recognized. It just throws a URI mismatch error everytime.Phelloderm
@Phelloderm I haven't tried it in a while, maybe google discovered that it was causing some trouble to people and changed the input method. If it changed please let us know. :-)Tyrothricin
@CMPSoares... Ok... I have figured out what I was doing wrong. Will post as an answer.Phelloderm
P
10

This answer may not be an exact answer to the question, but I think this might help those who are using Google OAuth for the first time and are wondering why their multiple URIs are not being recognized.

We use the redirect URI at 2 places in the code. First time, while fetching the auth code and a second time, when exchanging this code for an access token.

In the Google docs, it is clearly mentioned that the response for the auth code request(1st request) will be sent to the redirect URI. So, if you make the request from an endpoint A and specify the rediredt URI as endpoint B, Google will send the auth code to endpoint B. This is clear and worked fine without any errors.

Coming to the second request, the documentation is somewhat ambiguous. The redirect_URI parameter is described as below:

redirect_uri: The URI that you specify in the API Console, as described in Set a redirect URI.

This is where I made a mistake in understanding how this works. Following a similar approach to the first call, I used a third endpoint C and passed this endpoint C in the redirect_URI parameter while making the second call. I got a URI mismatch error although my endpoints B and C are specified in the API console.

The problem is that, unlike in the case of first call, the response to the second call comes to the same endpoint from where the request is made. I made a request in python like below:

r = requests.post(token_endpoint, params)

r has the response with the token.

I was getting a URI mismatch because, I am supposed to use the same redirect_URI in both the calls.

So, for a single OAuth request, we need to use a single redirect_URI.

But then, that brings up the question, why are multiple redirect_URIs allowed in the API console for a single app. I am assuming that if we need to make multiple pairs of authCode-token calls in the same app, we have the leeway of using multiple redirect_URIs.

Phelloderm answered 17/10, 2016 at 16:59 Comment(6)
Thanks a ton for clearing the confusion. I struggled with this for hours figuring out why second uri redirect is not working.Millipede
Not only that, but in the documentation, the examples use two different redirect uri's! Very confusing, thanks for posting this.Vhf
why are multiple redirect_URIs allowed in the API console for a single app? I can imagine two reasons: (1) you could be testing the from a different environment (e.g. during development). (2) You could be providing the same app at different URLs and do not want the user to switch domains.Agnomen
Thank you so much. Just spent hours trying to solve this problem. Was confused because of the multiple uris being allowed in the API console.Beverlee
This post could save many lives :). Lost hours getting this right.Fusty
The redirect_uri passed to the token endpoint seems to be completely useless. When I received the code to my endpoint from Google, I make the request to Google for the access token, and it responds directly. I can redirect the user to any url I want before I even trade in the code for the token. So I don't really understand the point of sending redirect_uri to the token endpoint at all, since Google only uses it to send me the code, which is has already done by the time I call that token endpoint.Lamprey

© 2022 - 2024 — McMap. All rights reserved.