19

I have already spent one day on this, smashed one glass, and I am really angry about it. I do not understand what Google wants from me or what is wrong.

I've enabled the Google+ API in the developers console and created a new OAuth Client ID.

    $ch = curl_init('https://accounts.google.com/o/oauth2/token');
    curl_setopt($ch,CURLOPT_POSTFIELDS,'code=4%2FPp1GWqC6PIr3wNYrZ5kK4T9oitxBoo0fBqBrVNQfE-g.ElKDUjQ7E28SoiIBeO6P2m-0RPaolgI&grant_type=authorization_code&redirect_uri=https%3A%2F%2Fmyprivatedomain.local.com%2Foauth2callback&client_id=%mycliet_id%&client_secret=%mysecret%');
    curl_setopt($ch,CURLOPT_POST,1);
    curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'POST');
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, false);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_HEADER, true);
    var_dump(curl_exec($ch));

I set everything up as in the instructions here: https://developers.google.com/+/web/signin/server-side-flow. The G+ button appears on the page and successfully requests access for the authorized user, but when I perform step 8 ("Step 8: Initialize the Google API client library and start the Google+ service"), my request always gets the response "error" : "redirect_uri_mismatch".

I know that this error appears when you have not registered the redirect_uri in the Google Console, or when you make a typing mistake in it, but I registered it, and, just for testing, I also tried setting up different URLs (changed domain names, changed protocols from https to https), but it never works! I have no idea what else I can check; please advise at least something.

Hans Z.
Unstaged

4 Answers

35

The docs say in Step 1. https://developers.google.com/+/web/signin/server-side-flow#step_1_create_a_client_id_and_client_secret that there must be no redirect URIs configured, only "Authorized JavaScript origins". In the authorization request and the token exchange, the redirect_uri parameter value should be set to postmessage.

Edit: Prior art on this: Google OAuth 2 authorization - Error: redirect_uri_mismatch

Community
Hans Z.
  • 3
    Thank you very much! It was not obvious that the redirect URL in the client config should be "postmessage"; it is working now! The instructions said that postmessage should be the value of the attribute data-redirecturi, but never client_config. That's a mess – Unstaged Feb 04 '15 at 13:30
  • 1
    The other thing to note is that there is a delay between setting the value in the credentials screen, and when they take effect and the login process works. For me it was a couple of minutes each time I changed something. – Ads Jan 18 '16 at 22:26
  • After spending a few hours trying to solve this problem, your answer helped me a lot! The Google documentation is not very clear. On the server side, if you use the Google API Client library, you should use this code: `$client->setRedirectUri('postmessage');` instead of `$client->setRedirectUri('http://your.url...');` – Guicara Mar 09 '16 at 13:40
  • In my case it was www. My URL is without www while in Credentials I entered URL with www. Also take care of http and https. Better enter all the options. – Zeni Apr 10 '16 at 14:47
  • Thanks a lot.. it helped me. – Jaydeep Goswami Aug 06 '16 at 05:42
  • This answer is a lifesaver!! Took me 2 days to find it. I was retrieving a serverAuthCode via Android / JS (cordova and https://github.com/EddyVerbruggen/cordova-plugin-googleplus to be exact) and sending it to PHP to exchange for an access token. "postmessage" is the required redirect_uri when using straight cURL in PHP. – Milk Man Jul 21 '17 at 02:46
  • FFS google absolutely on documentation https://www.google.co.jp/search?num=100&ei=TOj8WtanB4Lo0gSL7ZeoDA&q=google+%2Bpostmessage+inurl%3Agoogle&oq=google+%2Bpostmessage+inurl%3Agoogle&gs_l=psy-ab.3...2518.5186.0.5330.15.14.1.0.0.0.115.1129.10j3.13.0....0...1.1.64.psy-ab..1.0.0....0.eT20SlJcMA8 – Worthy7 May 17 '18 at 02:26
3

Just ran into this problem myself. In my case, my credentials were set up for an installed application, NOT a web application. It seems that installed applications cannot be configured with redirect URLs. I created a new credential as a web application, and this gave me the option to set a series of redirect URLs.

Following the advice of this and other answers, I made sure the URLs matched (copy-paste) and this functioned correctly for me. I also did this in an Incognito Window.

The result was my browser being forwarded to the URL I put in the redirect_url parameter with a special query string parameter code populated with the code to use for the next step.

Ben
0

If you see this when using Google IAP and attempt to visit your URL in a browser, you'll get the message:

  1. That’s an error.

Error: redirect_uri_mismatch

The redirect URI in the request, [your_url]/_gcp_gatekeeper/authenticate, does not match the ones authorized for the OAuth client. To update the authorized redirect URIs, visit: https://console.developers.google.com/apis/credentials/oauthclient/?project=[your_project_id]

If you visit the URL it gives you (or go there indirectly via the console >> click edit on the correct "OAuth 2.0 client ID"), ensure that the "Authorised redirect URIs" section has the [your_url]/_gcp_gatekeeper/authenticate URL set.

The _gcp_gatekeeper/authenticate part is definitely required.

Google returns the 400 error because of the mismatch in the redirect URI.

eversMcc
0

There were two issues:

  1. The setRedirectUri was set to http while the server was running on https, and setAccessType set to online (for production).

        $client = new Google_Client();
        // __DIR__ is PHP's magic constant for the directory of the current file.
        $client->setAuthConfig(__DIR__ . '/../public/client_secrets.json');
        // The scheme here has to be the one the server is actually served on (https).
        $client->setRedirectUri('https://' . $_SERVER['HTTP_HOST'] . '/oauth2callback.php');
        $client->setAccessType('online');
        $client->addScope('https://www.googleapis.com/auth/analytics.readonly');

  2. Inside my auth config file (client_secrets.json), I changed the redirect_uris, client_id, project_id, and client_secret.

        {
          "web": {
            "client_id": "GOOGLE_CLIENT_ID",
            "project_id": "PROJECT_ID",
            "auth_uri": "https://accounts.google.com/o/oauth2/auth",
            "token_uri": "https://oauth2.googleapis.com/token",
            "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
            "client_secret": "CLIENT_SECRET",
            "redirect_uris": ["https://DOMAIN_NAME.com/social-auth/google/callback",
                              "http://localhost:8000/oauth2callback.php"],
            "javascript_origins": ["https://localhost", "http://localhost:8000"]
          }
        }
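
The causes reported across these answers (http vs https, www vs no www, an unregistered path, `postmessage`) can be checked before sending the request. The following is an added example, not code from any of the answers or from Google's client library; it assumes the redirect URI is compared as an exact string against the registered list. The function names and the `example.test` host are hypothetical.

```php
<?php
// Added example (not from the original answers). Assumes redirect URIs are
// compared as exact strings against the registered list.

/** Registered redirect URIs from a decoded client_secrets.json array. */
function registeredRedirectUris(array $config): array
{
    $section = $config['web'] ?? $config['installed'] ?? [];
    return $section['redirect_uris'] ?? [];
}

/** Returns [] if $requested would match, otherwise one hint per registered URI. */
function diagnoseRedirectUri(string $requested, array $registered): array
{
    // Per the accepted answer, the JavaScript sign-in flow uses this literal value.
    if ($requested === 'postmessage' || in_array($requested, $registered, true)) {
        return [];
    }
    if ($registered === []) {
        return ['no redirect_uris are registered for this client'];
    }
    $req = parse_url($requested) ?: [];
    $hints = [];
    foreach ($registered as $candidate) {
        $reg = parse_url($candidate) ?: [];
        $diff = [];
        foreach (['scheme', 'host', 'port', 'path', 'query'] as $part) {
            if (($req[$part] ?? null) !== ($reg[$part] ?? null)) {
                $diff[] = $part;
            }
        }
        $hints[] = $candidate . ' differs in: ' . implode(', ', $diff ?: ['exact string']);
    }
    return $hints;
}

// Constructed sample config, shaped like the client_secrets.json above.
$config = json_decode('{"web":{"redirect_uris":[
    "https://example.test/oauth2callback.php",
    "http://localhost:8000/oauth2callback.php"]}}', true);

$registered = registeredRedirectUris($config);
foreach (['http://example.test/oauth2callback.php',      // http instead of https
          'https://www.example.test/oauth2callback.php', // extra www.
          'https://example.test/oauth2callback.php/',    // trailing slash
          'postmessage'] as $uri) {
    $hints = diagnoseRedirectUri($uri, $registered);
    echo $uri, ' => ', $hints ? implode('; ', $hints) : 'OK', PHP_EOL;
}
```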