2

I have a Flask web application hosted on Google Cloud Run at https://mydomain.run.app.

Now I am trying to add Google authentication to it. I have created the API under Credentials in GCP. I have given https://mydomain.run.app/authorize as the redirect URI, but when I try to log in from my app it throws a redirect mismatch error, and the error shows http://mydomain.run.app/authorize. The mismatch is the https and http. When I tried to give http in the credentials URI, it throws:

Invalid Redirect: This app has a publishing status of "In production". URI must use https:// as the scheme.

from flask import redirect, session, url_for

@app.route('/login/google')
def google_login():
    google = oauth.create_client('google')
    # Force an https callback URL; the registered redirect URI must match it exactly.
    redirect_uri = url_for('authorize', _external=True, _scheme='https')
    return google.authorize_redirect(redirect_uri)

@app.route('/authorize')
def authorize():
    google = oauth.create_client('google')
    # Exchanges the code for a token and checks the state saved in the session.
    token = google.authorize_access_token()
    resp = google.get('userinfo')
    user_info = resp.json()
    user = oauth.google.userinfo()
    session['profile'] = user_info
    session.permanent = True
    return redirect('/select')

2 Answers

1

Your app is currently set to production in the Google Developer Console.

This means that all of the redirect URIs you try to add to your project must be HTTPS and not HTTP. You also cannot use localhost.

As you are trying to use http://mydomain.run.app/authorize, you need to change it so that it is https://mydomain.run.app/authorize. Note that the first one was http:// and not https://.

The error is coming because your application itself is trying to send a redirect URI of http and not https. You need to fix your application so that it is using https.

Linda Lawton - DaImTo
  • I tried to add _scheme='https' in the url_for while redirecting, but now I am getting the **authlib.integrations.base_client.errors.MismatchingStateError: mismatching_state: CSRF Warning! State not equal in request and response.** error. I have changed my secret key to a static string instead of random numbers, but I get the same error. – Santhoshkumar Sundararaj Oct 31 '21 at 10:57
  • I have the same issue now. I have my consent screen verified/approved and my app is in prod mode. I created a client ID (credentials) and put the authorized URI with https and the JavaScript origin also with https, but when I try to log in it shows the redirect URI in http. – Black Bear Jul 27 '23 at 18:50
  • You can't use HTTP; it has to be HTTPS in production. – Linda Lawton - DaImTo Jul 27 '23 at 21:22
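
An application generates an http callback like the one in the question when TLS ends at a proxy in front of it and the app itself only sees plain HTTP. The following is an added, standard-library example (not code from the original posts) of a WSGI middleware that adopts the scheme reported in X-Forwarded-Proto; Werkzeug ships the same idea as `werkzeug.middleware.proxy_fix.ProxyFix`. The class and function names are hypothetical, and it assumes the hosting platform's proxy writes that header itself.

```python
from wsgiref.util import application_uri, setup_testing_defaults


class TrustForwardedProto:
    """WSGI middleware: adopt the scheme reported by a trusted TLS-terminating proxy."""

    def __init__(self, app, trusted_hops=1):
        self.app = app
        self.trusted_hops = trusted_hops  # proxies we control in front of the app

    def __call__(self, environ, start_response):
        raw = environ.get("HTTP_X_FORWARDED_PROTO", "")
        values = [v.strip().lower() for v in raw.split(",") if v.strip()]
        # Only the last `trusted_hops` entries were written by our own proxies;
        # anything further left may have been supplied by the client.
        if self.trusted_hops and len(values) >= self.trusted_hops:
            proto = values[-self.trusted_hops]
            if proto in ("http", "https"):
                environ["wsgi.url_scheme"] = proto
        return self.app(environ, start_response)


def redirect_uri_app(environ, start_response):
    """Stand-in for url_for('authorize', _external=True): build an absolute URL."""
    uri = application_uri(environ).rstrip("/") + "/authorize"
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [uri.encode()]


def call(app, forwarded_proto=None):
    """Constructed request as the container sees it: plain HTTP from the proxy."""
    environ = {"HTTP_HOST": "mydomain.run.app", "wsgi.url_scheme": "http"}
    setup_testing_defaults(environ)
    if forwarded_proto is not None:
        environ["HTTP_X_FORWARDED_PROTO"] = forwarded_proto
    return b"".join(app(environ, lambda status, headers: None)).decode()


if __name__ == "__main__":
    wrapped = TrustForwardedProto(redirect_uri_app)
    print(call(redirect_uri_app, "https"))  # header ignored without the middleware
    print(call(wrapped, "https"))           # scheme taken from the proxy
    print(call(wrapped, "https, http"))     # client-supplied left entry is not trusted
```

Set `trusted_hops` to the number of proxies actually in front of the app; trusting more entries than that lets a client choose the scheme.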
0

Under Authorized redirect URIs

You should put 1 more URI:

https://mydomain.run.app/

Then check again. I have had the same issue before.

Thanh Nguyen Van