19

I wanted to implement a flow described in this question:

Authenticating with OAuth2 for an app *and* a website

Google's solution for this requirement was described here:

https://developers.google.com/identity/protocols/CrossClientAuth#offlineAccess

I followed this guide, but unfortunately when I use the authorization code in the backend to get access to the token and refresh the token from Google, Google throws this error:

{
  "error": "invalid_request",
  "error_description": "Missing parameter: redirect_uri"
}

redirect_uri has no meaning for this situation because the client side is Android.

There is also some advice that says to use "postmessage" as the redirect URI, or use http://localhost as the redirect URI, or add the server address to the redirect URIs in your Google app console, but none of these works for this flow.

Community

3 Answers

9

Spent two days and researched almost all issues on Stack Overflow and Google before deeply investigating the AppAuth library (https://openid.github.io/AppAuth-iOS/ and https://openid.github.io/AppAuth-Android/) and finally found an answer.

So, there are two rules I've found:

  1. redirect_uri should be one of:

    • your app bundle_id or package_name + :/ or :// + *your_path* (for example com.example.myapp://google_auth)
    • your client_id in reverse DNS form + :/ or :// + *your_path* (for example com.googleusercontent.apps.*account_id*:/my_path)
  2. redirect_uri in initial authorization code request (https://accounts.google.com/o/oauth2/v2/auth) and in authorization code exchange request (https://www.googleapis.com/oauth2/v4/token) must be totally the same
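
The two rules above as a check a backend can run before exchanging the code. This is an added example, not part of the original answer: the helper names and the sample package name and client ID are constructed, and only the two endpoint URLs come from the answer.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"   # from the answer
TOKEN_ENDPOINT = "https://www.googleapis.com/oauth2/v4/token"    # from the answer


def reverse_dns(client_id):
    """'123-abc.apps.googleusercontent.com' -> 'com.googleusercontent.apps.123-abc'."""
    return ".".join(reversed(client_id.split(".")))


def redirect_uri_allowed(redirect_uri, package_name, client_id):
    """Rule 1: scheme is the package name or the reversed client_id, then :/ or ://."""
    scheme, sep, rest = redirect_uri.partition(":")
    if not sep or not rest.startswith("/"):
        return False
    return scheme in (package_name, reverse_dns(client_id))


def authorization_url(client_id, redirect_uri, scope, state):
    """Build the initial authorization code request sent from the app."""
    query = {"client_id": client_id, "redirect_uri": redirect_uri,
             "response_type": "code", "scope": scope, "state": state}
    return AUTH_ENDPOINT + "?" + urlencode(query)


def token_request_body(auth_url, code, client_id, redirect_uri, client_secret=None):
    """Rule 2: build the exchange body only if redirect_uri is exactly the one in auth_url."""
    sent = parse_qs(urlsplit(auth_url).query).get("redirect_uri", [None])[0]
    if sent != redirect_uri:
        raise ValueError(f"redirect_uri mismatch: sent {sent!r}, exchanging {redirect_uri!r}")
    body = {"grant_type": "authorization_code", "code": code,
            "client_id": client_id, "redirect_uri": redirect_uri}
    if client_secret:
        body["client_secret"] = client_secret
    return urlencode(body)  # form body to POST to TOKEN_ENDPOINT


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    cid = "1234567890-abcdef.apps.googleusercontent.com"
    uri = "com.example.myapp://google_auth"
    assert redirect_uri_allowed(uri, "com.example.myapp", cid)
    url = authorization_url(cid, uri, "openid email", "constructed-state")
    print(url)
    print(token_request_body(url, "constructed-code", cid, uri))
```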

1

I spent a lot of time solving this problem, and this tool (https://developers.google.com/oauthplayground) provided by Google misled me even more, because it was designed for the main web flow, and the access token generated by this tool was different and needs a redirect URI (even if using the bearer token type and using the client ID and secret). After all that, I used an empty string ("") as the redirect URL and finally succeeded in getting an access token on the server side.

  • 4
    Can you detail some steps on how you did that? I am using Google's tutorial and the redirect key in my client JSON is "redirect_uris:[""]. I have not set up any redirect URI in Google's developer console, nor am I passing any when using Python's OAuth client, but I still get a uri_redirect_mismatch error – Faizan Ali Aug 25 '16 at 19:22
1

Blank should work, or you can also use the installed app redirect URI: 'urn:ietf:wg:oauth:2.0:oob' - see https://developers.google.com/identity/protocols/OAuth2InstalledApp

Ian Barber