Google OAuth2: Redirect URI mismatch even after copying the exact path
I was integrating Google OAuth2 into my app and kept getting this error:
"Error 400: redirect_uri_mismatch"
I copied the exact URL from my browser’s search bar and pasted it into both the Authorized redirect URI and the origin field on the Google Cloud Console, Credentials.
Still, I got the error. 😕
Things I Tried:
Checked the Network tab—everything looked fine.
Double-checked the exact redirect URI.
Clicked on error detail to inspect further.
What I Discovered:
Even though my browser was showing a lock icon and the address bar said https://eco-guard-git-auth-oatulas-projects.vercel.app/auth/google, the request was actually going over http.
The redirect URI had to be
http://eco-guard-git-auth-oatulas-projects.vercel.app/auth/google, nothttps.
Solution:
Updated both the origin and redirect URI in Google Cloud Console to use
httpinstead ofhttps.That immediately fixed the issue.
TL;DR:
If you're running locally and seeing this error, don’t trust the browser's lock icon.
Check whether your server is actually using http or https, and make sure the redirect URI matches exactly, including the scheme.
- Understanding Client in OAuth2
- Why Does OAuth v2 Have Both Access and Refresh Tokens?
- Prevent ASP.NET Core cookie-authentication from accepting cookies signed for different hostnames
- How to skip the consent step with Spring Security OAuth2
- How to securely store a refresh_token on the frontend when using laravel/passport?
- Google OAuth2: Redirect URI mismatch even after copying the exact path
- Unable to connect to Office 365 SMTP Server via Jakarta Mail using OAuth 2
- How to Form WebRequest for Multi part Form data and it's Value?
- code_challenge vs state parameter in OAuth? What is the difference?
- Internal to Internal Token exchange with public client
- GO validate access token (keycloak)
- Broken nginx-ingress redirect flow from external Github OAuth provider
- TIKTOK LoginKit, redirect_uri bad
- How to obtain user's email via Twitter API v1 or v2?
- Why do I keep getting "401 unauthorized" response when sending mails through Graph API with delegated access?
- Differences between audience, issuer, and client terms in JWT, OAuth and OIDC
- Django OAuth2 Authentication Failing in Unit Tests - 401 'invalid_client' Error
- How do I create Google OAuth2.0 client credentials using Terraform?
- Azure APIm policy not returning a response
- AWS Cognito; unauthorized_client error when hitting /oauth2/token
- OAuth Authorization vs Authentication
- Google Oauth2.0 web application's "Authorized redirect URIs" must end with a public top-level domain (such as .com or .org)?
- Multiple accounts authorization in Swagger UI of FastAPI
- Authenticating with Netatmo API using MSAL.NET results in "Error: ClientId is not a GUID."
- Laravel passport non-expiring tokens
- Why do access tokens expire?
- AWS Cognito - How to force select account when signing in with Google
- Attribute a role to a user for RBAC authorization when using OAuth?
- oAuth2.0: Why need "authorization-code" and only then the token?
- How To Add Query Params in ADB2C to ADB2C Federated Authentication Using OIDC protocol