1

I am using google OAuth for a website. I have set redirect URI as such:

enter image description here

This works fine on localhost. But on deployment, I get the following error on login:

enter image description here

If I add http://****.com/auth/google/callback on google API console, I get:

enter image description here

How do I resolve this? Any suggestions would be appreciated.

Linda Lawton - DaImTo
  • 106,405
  • 32
  • 180
  • 449
reddur
  • 61
  • 1
  • 6
  • As the error message states, you can't redirect to a http url. You need https. – super Apr 19 '22 at 08:46
  • yes, but if you see the second image, it is suggesting a http url. How do I resolve the error in second image? – reddur Apr 19 '22 at 08:49
  • It's suggesting a http url because you are trying to redirect to that url. So you need to change that to a https url and add that to allowed redirect URIs. – super Apr 19 '22 at 08:52
  • Did you solve this? I have the same problem. – John Jun 10 '22 at 15:46
  • I found a solution at https://stackoverflow.com/q/54784981/6553466 – John Jun 10 '22 at 19:39

1 Answers1

0

The redirect uri needs to match exactly.

You have registered https://blackedout/auth/google/callback

Yet your app appears to be calling from http://blackedout/auth/google/callback

Production apps can not be run using http they must be run using https. So you need to fix your app so that it is running https and not http as you will not be able to register a http endpoint from an app that is in production.

Linda Lawton - DaImTo
  • 106,405
  • 32
  • 180
  • 449
  • Just to nitpick a bit, the app is not calling from. It's asking google to redirect to. The app origin and the redirect url can be completely unrelated without any issues. – super Apr 19 '22 at 13:06
  • The app is sending the redirect uri as part of the authorization request. This is normally built by the client library used based upon the URL / domain that the app is running. (I am assuming author is using either the Js client library or the node.js client library both of which build the redirect uri in this manner) There for it is calling from that. but i guess this is just semantics. Once the app is set to run as https the library will build the redirect uri properly. – Linda Lawton - DaImTo Apr 19 '22 at 13:08
  • No. It *can* be calling from that. But it doesn't have to be. – super Apr 19 '22 at 13:10