19

I have already spent one day on this, broke one glass, and I am really angry about it. I do not understand what Google wants from me or what is wrong.

I've enabled the Google+ API in the developers console and created a new OAuth Client ID.

    $ch = curl_init('https://accounts.google.com/o/oauth2/token');
    curl_setopt($ch,CURLOPT_POSTFIELDS,'code=4%2FPp1GWqC6PIr3wNYrZ5kK4T9oitxBoo0fBqBrVNQfE-g.ElKDUjQ7E28SoiIBeO6P2m-0RPaolgI&grant_type=authorization_code&redirect_uri=https%3A%2F%2Fmyprivatedomain.local.com%2Foauth2callback&client_id=%mycliet_id%&client_secret=%mysecret%');
    curl_setopt($ch,CURLOPT_POST,1);
    curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'POST');
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, false);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_HEADER, true);
    var_dump(curl_exec($ch));

I set everything up as in the instructions here: https://developers.google.com/+/web/signin/server-side-flow. The G+ button appears on the page, and it successfully requests access for the authorized user. But when I do step 8 ("Step 8: Initialize the Google API client library and start the Google+ service"), my request gets the response "error" : "redirect_uri_mismatch" every time.

I know that this error appears when you have not registered the redirect_uri in the Google Console, or when you make a typo in it, but I registered it, and also, just for testing, tried setting up different URLs (changed domain names, changed protocols from https to https), but it never works! I have no idea what else I can check; please advise at least something.

3
  • Are you using github.com/google/google-api-php-client? Commented Feb 4, 2015 at 12:41
  • @Hans Z yes, as part of my Symfony2 application Commented Feb 4, 2015 at 12:44
  • Friendly note: select "Web Application" instead of "Other" when creating credentials. I selected "Other" and ran into problems; it worked locally but did not work on the live domain. Commented Aug 19, 2017 at 13:28

4 Answers

35

The docs say in Step 1. https://developers.google.com/+/web/signin/server-side-flow#step_1_create_a_client_id_and_client_secret that there must be no redirect URIs configured, only "Authorized JavaScript origins". In the authorization request and the token exchange, the redirect_uri parameter value should be set to postmessage.

Edit: Prior art on this: Google OAuth 2 authorization - Error: redirect_uri_mismatch


6 Comments

Thank you very much! It was not obvious that the redirect URL in the client config should be "postmessage"; it is working now! The instructions said that postmessage should be the value of the attribute data-redirecturi, but never client_config. That's a mess.
The other thing to note is that there is a delay between setting the value in the credentials screen, and when they take effect and the login process works. For me it was a couple of minutes each time I changed something.
After spending a few hours trying to solve this problem, your answer helped me a lot! The Google documentation is not very clear. On the server side, if you use the Google API Client library, you should use this code: $client->setRedirectUri('postmessage'); instead of $client->setRedirectUri('http://your.url...');
In my case it was www. My URL is without www while in Credentials I entered URL with www. Also take care of http and https. Better enter all the options.
This answer is a lifesaver!! Took me 2 days to find it. I was retrieving a serverAuthCode via Android / JS (Cordova and github.com/EddyVerbruggen/cordova-plugin-googleplus to be exact) and sending it to PHP to exchange for an access token. "postmessage" is the required redirect_uri when using straight cURL in PHP.
3

Just ran into this problem myself. In my case, my credentials were set up for an installed application, NOT a web application. It seems that Installed applications cannot be configured with redirect URLs. I created a new credential as a web application, and this gave me the option to set a series of redirect urls.

Following the advice of this and other answers, I made sure the URLs matched (copy-paste) and this functioned correctly for me. I also did this in an Incognito Window.

The result was my browser being forwarded to the URL I put in the redirect_url parameter with a special query string parameter code populated with the code to use for the next step.


0

If you are seeing this when using Google IAP and you attempt to visit your URL in a browser, you'll get the message:

  1. That’s an error.

Error: redirect_uri_mismatch

The redirect URI in the request, [your_url]/_gcp_gatekeeper/authenticate, does not match the ones authorized for the OAuth client. To update the authorized redirect URIs, visit: https://console.developers.google.com/apis/credentials/oauthclient/?project=[your_project_id]

If you visit the URL it gives you (or go there indirectly via the console >> click edit on the correct "OAuth 2.0 client ID"), then in the "Authorised redirect URIs" section, ensure you have the [your_url]/_gcp_gatekeeper/authenticate URL set.

The _gcp_gatekeeper/authenticate part is definitely required.

Google returns the 400 error because of the mismatch in the redirect URI.


0

There were two issues:

  1. The setRedirectUri was set to http and the server was running on https, and setAccessType to online (for production)

    $client = new Google_Client();
    $client->setAuthConfig(__DIR__ . '/../public/client_secrets.json');
    $client->setRedirectUri('https://' . $_SERVER['HTTP_HOST'] . '/oauth2callback.php');
    $client->setAccessType('online');
    $client->addScope('https://www.googleapis.com/auth/analytics.readonly');

  2. Inside my auth config file (client_secrets.json), I changed the redirect_uris, client_id, project_id, and client_secret

    {
      "web": {
        "client_id": "GOOGLE_CLIENT_ID",
        "project_id": "PROJECT_ID",
        "auth_uri": "https://accounts.google.com/o/oauth2/auth",
        "token_uri": "https://oauth2.googleapis.com/token",
        "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
        "client_secret": "CLIENT_SECRET",
        "redirect_uris": ["https://DOMAIN_NAME.com/social-auth/google/callback",
                          "http://localhost:8000/oauth2callback.php"],
        "javascript_origins": ["https://localhost", "http://localhost:8000"]
      }
    }
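
The checks the answers above describe (the literal postmessage value for a code issued to the JavaScript sign-in button, and the exact match on scheme, www. and path for registered redirect URIs), as an added PHP example that is not part of any post on this page. diagnoseRedirectUri and buildTokenRequest are hypothetical names, and the config values are constructed placeholders.

```php
<?php
// Added example, not code from the posts. Function names are hypothetical.
/**
 * Report why $requested would not match any registered redirect URI.
 * The comparison is an exact string match, so scheme, "www." and path all count.
 * Returns [] when the value is acceptable, otherwise one finding per candidate.
 */
function diagnoseRedirectUri(string $requested, array $registered, bool $codeFromJsButton = false): array
{
    // Per the accepted answer: a code issued to the JavaScript sign-in button
    // is exchanged with the literal value "postmessage", not a URL.
    if ($codeFromJsButton) {
        return $requested === 'postmessage' ? [] : ['JS sign-in flow: send redirect_uri=postmessage'];
    }
    if (in_array($requested, $registered, true)) {
        return [];
    }
    $req = parse_url($requested) ?: [];
    $findings = [];
    foreach ($registered as $candidate) {
        $reg = parse_url($candidate) ?: [];
        $diff = [];
        foreach (['scheme', 'host', 'port', 'path'] as $part) {
            if (($req[$part] ?? null) !== ($reg[$part] ?? null)) { $diff[] = $part; }
        }
        $findings[] = $candidate . ' differs in: ' . (implode(', ', $diff) ?: 'query or fragment');
    }
    return $findings ?: ['no redirect URIs are registered for this client'];
}

/** Build the token-endpoint POST body; http_build_query does the URL encoding. */
function buildTokenRequest(string $code, array $web, string $redirectUri): string
{
    return http_build_query([
        'code' => $code,
        'grant_type' => 'authorization_code',
        'redirect_uri' => $redirectUri,
        'client_id' => $web['client_id'],
        'client_secret' => $web['client_secret'],
    ]);
}

// Constructed sample shaped like the "web" section of client_secrets.json.
$web = json_decode('{"client_id":"GOOGLE_CLIENT_ID","client_secret":"CLIENT_SECRET",'
    . '"redirect_uris":["https://DOMAIN_NAME.com/social-auth/google/callback"]}', true);
// http instead of https plus a www. prefix: reported as "scheme, host".
print_r(diagnoseRedirectUri('http://www.DOMAIN_NAME.com/social-auth/google/callback', $web['redirect_uris']));
print_r(diagnoseRedirectUri('postmessage', $web['redirect_uris'], true)); // empty array: accepted
echo buildTokenRequest('AUTH_CODE_PLACEHOLDER', $web, 'postmessage'), "\n";
```

Run the diagnosis before the token exchange to see which URI component differs from what is registered. The client_secret in this file is a credential, so keep client_secrets.json out of any web-served directory such as public/.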
