47

I'm adding Google Oauth2 to a Rails app, but have been unable to get past the early stages.

I've set up an app, and defined client ID and secret. But I'm getting `Invalid parameter value for redirect_uri: Non-public domains not allowed: http://localhost/path/to/callback`

What does this mean? Is this because I'm testing on a local dev environment?

Thanks for any ideas.

EDIT

This might be because the app's URI differs from the sending URI. But when I go to Google and try to authorize the path to my dev app, I get OAuth2 redirect is invalid. Is this a limitation of using a locally hosted app?

EDIT 2

The request I'm generating looks like this:

https://accounts.google.com/o/oauth2/auth?response_type=code&client_id=###########&redirect_uri=http%3A%2F%2Fmyapp.dev%2Fusers%2Fauth%2Fgoogle_oauth2%2Fcallback&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile&approval_prompt=&access_type=offline

Is this correct? I've tried this with client_id including and excluding the .apps.googleusercontent.com section. Neither seems to work.

Andy Harvey
  • That's what it looks like to me... Try making your app public with port forwarding and using your WAN IP – Kyle Macey Apr 18 '12 at 18:57
  • Could you include a sample request? I've been able to use oauth2 with localhost redirects just fine, so curious what's different about your request. – Steve Bazyl Apr 18 '12 at 20:25
  • Thanks Steve, I've added my generated request to the question. I'm using pow to serve my dev app. Could this be the problem? Perhaps I need to supply a different redirect? Although this one has worked for other providers. Appreciate any ideas you may have, this one has me stumped! – Andy Harvey Apr 19 '12 at 05:10

7 Answers

70

I was getting the redirect error for my python / tornado app running on ubuntu. Using localhost didn't work as the accepted answer highlighted. Google wants a public domain.

My solution was to piggyback "example.com" which is public and create a sub domain in my /etc/hosts file. The sub domain would work on my local dev box and google would be happy with the example.com domain. I registered the redirects via the google console and the redirect worked successfully for me.

I added the following to my /etc/hosts:

192.168.33.100   devbox  devbox.example.com

In my case the IP was that of my machine. I could also have used 127.0.0.1 instead.

My Google API console (https://code.google.com/apis/console) set up for a new client ID was:

Oisin
  • 8
    Use a domain different than localhost (local.mydomain.com) and use hosts file to map the fake domain to 127.0.0.1 works like a charm. Thanks mate. – Phương Nguyễn Sep 24 '12 at 07:31
  • 1
    To get this to work with pow, create a symlink called `default` to the app you're working with from `~/.pow`. This will make `0.0.0.0` or `127.0.0.1` go to the default app. – Jasper Kennis Nov 21 '12 at 12:51
  • Tried this, but couldn't get it to work. Hopefully others have better luck than me. – Ash Blue Dec 18 '12 at 00:21
  • 3
    This solution + xip.io works for me on both emulators and real phones. example.com does not work because either emulators or phones cannot access example.com faked by host machine's /etc/hosts. xip.io provides a global faked domain. So it works. – Joe C Feb 01 '14 at 20:11
  • I got this to work for the AdWords on Rails demo app. The only difference was I had to modify the "Authorized Redirect URI" in the "Client ID for web application" settings so it exactly matched the `redirect_uri` in the request details of the error message. – d3vin Mar 26 '14 at 07:00
  • Would a port number at the end of the host name indicate to Google that it is still a localhost? E.g., http://example.com:9000/. PS: tested: addition of a port number results in a localhost-like treatment. – Nikolay Melnikov Mar 01 '15 at 20:02
18

Using xip.io you can provide a public url to redirect to like http://your_pow_app.192.168.0.1.xip.io/user/auth/google_oauth2/callback

Tested and working.

Happynoff
  • What does "your pow app" mean? – fdrv Dec 04 '15 at 09:48
  • @Jek-fdrv When you use Pow you reference the application by a name. This name will be used to access the application in the browser. It's the same name you can use as sub-domain when using xip.io. If you access your application with helloapp.dev then replace your_pow_app with helloapp. – Happynoff Dec 04 '15 at 13:50
  • Can you please show an example, because I imagine that should be a url, and the user will be redirected to this url after the google request. – fdrv Dec 04 '15 at 18:03
  • 1
    I don't have any example because I don't use Pow anymore. But the idea is that you take the name of your application in Pow (like `helloapp`) and without installing anything just use `helloapp.YOUR_LOCAL_IP.xip.io` to access it. As explained on the http://xip.io/ website it is just a DNS entry that points to YOUR_LOCAL_IP. In your application you just define the callback url you want to use (like `/user/auth/google_oauth2/callback`). Once it's done, you provide this url to google for the redirection and that's it. Nothing more :) – Happynoff Dec 05 '15 at 17:21
  • You can find the xip.io details on http://xip.io/ and the Pow documentation on http://pow.cx/ – Happynoff Dec 05 '15 at 17:23
  • Note that this service doesn't seem to exist anymore. sslip.io seems to be an alternative that works the same way, but I haven't used it myself. – Sasha Chedygov Feb 01 '23 at 01:18
5

I used my public hostname. It helps if you have a static IP address. I used http://www.displaymyhostname.com/ to get my hostname. I plugged it straight into the Authorized JavaScript origins field when I created a new Web Application Client ID.

P.S. My hostname looked something like this: 111.111.111.111.static.exetel.com.au

This is my answer to a related question https://stackoverflow.com/a/23517146/1320083

Community
Tyson
2

For anyone else finding this, my problem was a combination of several things.

  1. I could not get callbacks to work on a local machine. The API console suggests it is possible, but I couldn't get it working. Not sure if this is down to the service, or to my network/ connection/ firewall/ etc.

  2. In the API console you must specify the full redirect URI, not just the root url back to your app.

  3. Google lists scope parameters here https://developers.google.com/gdata/faq#AuthScopes. It seems this information is outdated, and the correct format for these is now https://www.googleapis.com/auth/plus.me, https://www.googleapis.com/auth/youtube, etc. Maybe someone else can confirm this?

I had a few other things going on as well. I had written a full explanation on another of my questions here on SO. Unfortunately my comments were deleted instead of moved by a moderator because I posted in the wrong place. I can't now remember all that I wrote. For others facing a similar issue, feel free to comment, it may jog my memory so I can offer some ideas.

Andy Harvey
0

Error redirect_uri_mismatch - This error can occur when you entered an incorrect bundle ID in your Google Developers Console project that does not match your app's bundle ID. Check that your client ID and bundle ID match the values that are displayed in the Developers Console.

Venu Gopal Tewari
0

For me it was the function that built up the google url. I put line breaks in the string, once I removed the line breaks the url worked again.

Lanklaas
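Two causes reported in the answers above, a redirect URI that is not registered in full and exactly, and line breaks left in the built URL, can be caught before the request is sent. The following Ruby sketch is an added example, not code from any answer on this page; the method names, the placeholder client ID and the registered URI list are assumptions made up for illustration.

```ruby
require "uri"

# Constructed sample: the full redirect URIs registered for the client ID
# in the API console (hypothetical value based on the devbox.example.com answer).
REGISTERED_REDIRECTS = [
  "http://devbox.example.com/users/auth/google_oauth2/callback"
].freeze

# Build the authorization request with each parameter percent-encoded once,
# on a single line, so no stray whitespace ends up in the URL.
def authorization_url(client_id:, redirect_uri:, scope:)
  query = URI.encode_www_form(
    response_type: "code",
    client_id: client_id,
    redirect_uri: redirect_uri,
    scope: scope,
    access_type: "offline"
  )
  "https://accounts.google.com/o/oauth2/auth?#{query}"
end

# Return the list of problems found in an authorization URL's redirect_uri.
def redirect_uri_problems(auth_url, registered = REGISTERED_REDIRECTS)
  problems = []
  problems << "URL contains whitespace or line breaks" if auth_url =~ /\s/
  # Strip the whitespace so the remaining checks still see the intended value.
  query = auth_url.gsub(/\s/, "").split("?", 2)[1].to_s
  redirect = URI.decode_www_form(query).to_h["redirect_uri"]
  return problems << "redirect_uri missing" if redirect.nil? || redirect.empty?

  begin
    host = URI.parse(redirect).host.to_s
  rescue URI::InvalidURIError
    return problems << "redirect_uri is not a valid URI"
  end
  # The error quoted in the question was raised for a localhost callback.
  problems << "host is localhost" if host == "localhost"
  # Compare the whole URI, path included, not just the root of the app.
  unless registered.include?(redirect)
    problems << "redirect_uri does not exactly match a registered URI"
  end
  problems
end
```

Calling `redirect_uri_problems` on the URL the app is about to redirect to, for example in a development-only check, returns an empty array when the callback is registered in full and the URL is clean.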
-3

I faced this issue but found it was really not an issue. As explained in my blog you can use the public redirect URI even when you are working on your localhost development machine. Google will just return the authorization code to the public URI where you can cut and paste it to your local machine.

charles young