Google API OAuth Client: Localhost never allowed for client ID

Question

I have followed this guide, and re-visited the step multiple times, but cannot see what I am doing wrong here, if anything.

I have tried adding http://localhost and http://localhost:80, this is where my local server is running.

Whenever I attempt to prompt the user for sign-in, I am met with the error:

[GSI_LOGGER]: The given origin is not allowed for the given client ID.

I have tried to prompt using the g_id_onload div block which is described in the linked document, but I have also tried triggering the prompt via the JS API, same result. There are not many steps here, but am I missing something obvious? Does my consent screen need to be verified for some strange reason? I thought there was just a cap until it is?

Any help would be greatly appreciated!

UPDATE: I have replicated the implementation below (using the same credentials as I was using before), and that seemed to work. But obviously no longer a supported method for implementing One Tap. I think this point to something being wrong on Google's end?

https://github.com/zapier/google-yolo-inline

UPDATE 2: I have now attempted to deploy to a staging environment, adding the URL for that as an allowed origin. Same error in the end.

Answer 1

Found the issue, my website instance had a referrer policy set to no-referrer. After setting it to no-referrer-when-downgrade, the One Tap prompt showed up as expected.

Answer 2

When you perform the local testing, did you use the URL http://localhost/path in your browser?

If you display One Tap in an iframe, the URL of that iframe should be something like http://localhost/path.

Did you request extra scopes in your OAuth client? if yes, it needs to be verified.