Google OAuth redirect URL mismatch - oauth

I've followed a sample created here:
https://github.com/googlesamples/oauth-apps-for-windows/blob/master/OAuthDesktopApp/README.md
to have Google OAuth work with my desktop application and it seems I got stuck with redirect URIs. I know I have to provide a RedirectURI on the Google Credentials page (in the Developers Console), but I cannot figure out how to provide a RedirectURI that accepts any port number.
In this sample, a local HTTP server opens a connection on localhost (127.0.0.1) and it seems to work no matter which port is used for listening (it finds some random port and then sends the RedirectURI as localhost:randomport), and authentication works as expected. However, when I try to do that in my application, I get a notification that the RedirectURI is not defined. Is there any special syntax to be used when defining the RedirectURI inside the Developer Console?

As stated in the README for the sample you are following:
Create a new OAuth 2.0 client, select Other
You should have created an OAuth2 client of type Other, not a Web application. The only difference really is that Other is intended for desktop or native applications, which use localhost by default as the redirect URI.

Google OAuth2.0 Access right

When using Google OAuth2, I keep getting
Erreur 400 : redirect_uri_mismatch The redirect URI in the request, http://hostname/signin-google, does not match the ones authorized for the OAuth client. To update the authorized redirect URIs, visit:
with HTTP access, but I'm using HTTPS access to access the URL.
I don't know why it's redirecting by HTTP and not HTTPS.
For the auth I'm using
await HttpContext.ChallengeAsync("Google", new AuthenticationProperties() {RedirectUri = "/"})
--
Note: when trying to add my hostname with http to the redirect_uris accepted on GCP, it doesn't accept http, only HTTPS.
thanks a lot
You should pass the address of your own server/client app as RedirectUri, which can handle the answer of Google's login dialog. This address should be a full URL, not just "/"; it has to be registered in the Google developer console and is required to be one with an https:// prefix.
You cannot implement OAuth2 with an insecure http:// redirect address; this would ruin all security.
In fact, it's the way you expose your app that is taken as the parameter.
For me, I'm using the Dockerfile to expose my app, and I used to use
Expose http://*:80
And even if the associated domain started with HTTPS, inside the app it's always an HTTP call, so all the redirects are done through the http protocol.
I've changed the way I expose my app from http://:80 to https://:443
And in the code I used Kestrel to launch the app, and it's working perfectly now.
Thank you

Example of loopback interface redirection to read the authorized code from oauth URI

I am working on a desktop-based Java Swing application in which I have to invoke the web browser to authenticate and get the authorization code from that URI.
I was going through the https://www.rfc-editor.org/rfc/rfc8252 RFC and read the "loopback interface redirection" terminology. I was able to find the theoretical concept around this on the Net but not able to find any example code.
Can someone help me to understand this better from code perspective or link to any example?
I have some code samples you can easily run from your local PC but they are not coded in Java. Hopefully they help you to understand how the solution works though:
Desktop Sample using Loopback Server to Receive Login Response
Desktop Sample using Private URI Scheme to Receive Login Response
The Nimbus OAuth Libraries might prove useful for a Java implementation.
We have achieved this using RFC 7636 (https://www.rfc-editor.org/rfc/rfc7636), where, in the Java application, we start the built-in Java HTTP server on a random port.
After starting the local server, we generate one random string called code_verifier, and then the client changes it to code_challenge = BASE64URL-ENCODE(SHA256(ASCII(code_verifier))) using SHA256, creates a Base64-encoded URL string and opens the browser to do the authentication.
Once authentication is done from the browser, the webservice creates an auth token against the JWT token and stores it in the DB along with the code_challenge.
The browser passes the auth token to the client, and after receiving the response, the client passes the auth token along with the code_verifier to get the authorization JWT token. The webserver verifies both entries against the stored info and passes back the authorization token after successful verification.
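The two building blocks the question and the answers above refer to, as an added example that is not code from any of the posters: the RFC 7636 PKCE pair (code_verifier and S256 code_challenge) and an RFC 8252 loopback receiver that binds 127.0.0.1 on an OS-chosen port, takes the one redirect the browser sends, and checks the state parameter before trusting the authorization code. In the standard RFC 7636 flow the code_challenge goes in the authorization request and the code_verifier goes with the code to the token endpoint; the network calls themselves are left out so the block runs offline.

```python
import base64
import hashlib
import secrets
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlparse

def make_pkce_pair(verifier=None):
    """RFC 7636: code_challenge = BASE64URL(SHA256(ASCII(code_verifier))), no '=' padding."""
    if verifier is None:  # 32 random bytes -> 43-char verifier, inside the 43..128 range
        verifier = base64.urlsafe_b64encode(secrets.token_bytes(32)).rstrip(b"=").decode()
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return verifier, base64.urlsafe_b64encode(digest).rstrip(b"=").decode()

def parse_redirect(path, expected_state):
    """Pull the authorization code out of the loopback redirect; reject a wrong state."""
    query = parse_qs(urlparse(path).query)
    if "error" in query:
        raise ValueError("authorization server returned: " + query["error"][0])
    if query.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: response was not for this login attempt")
    if "code" not in query:
        raise ValueError("redirect carried no authorization code")
    return query["code"][0]

class LoopbackReceiver:
    """RFC 8252 loopback redirect: bind 127.0.0.1 on an ephemeral port, serve one request."""
    def __init__(self, expected_state):
        self.result, self.done, outer = None, threading.Event(), self
        class Handler(BaseHTTPRequestHandler):
            def do_GET(self):
                try:
                    outer.result = parse_redirect(self.path, expected_state)
                except ValueError as exc:
                    outer.result = exc
                self.send_response(200)
                self.end_headers()
                self.wfile.write(b"You may close this window.")
                outer.done.set()
        self.server = HTTPServer(("127.0.0.1", 0), Handler)  # port 0: OS picks a free port
        self.redirect_uri = "http://127.0.0.1:%d/" % self.server.server_port  # register this

    def wait_for_code(self, timeout=120):
        threading.Thread(target=self.server.handle_request, daemon=True).start()
        if not self.done.wait(timeout):
            raise TimeoutError("no redirect received on " + self.redirect_uri)
        self.server.server_close()
        if isinstance(self.result, Exception):
            raise self.result
        return self.result
```

Create the receiver first, put its redirect_uri and the code_challenge into the authorization URL you open in the browser, then call wait_for_code() and send the returned code together with the code_verifier to the token endpoint.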

How to create Redirect URL for an app using Google API? (OAuth client)

I need the following information for my app to work:
1) Client ID
2) Redirect URL
Setting up the app and creating an ID + secret code was easy. But I have no idea what to put as my redirect URL. I used localhost as my URL and I was able to sign into my Google account, but after I signed in I received Error: redirect_uri_mismatch
Screenshot
What can I do? How do I even create a redirect URL?
In the Developer Console credentials page (the one in your screenshot), add your redirect URI to the "Authorized redirect URIs" text field.
Ensure you're supplying the correct port and correct route your server is listening on too.
For example, in the Google API Console, the working redirect URI for me is
Your port and route all depend on your server setup (i.e. look in your index.js if you're using Node). This working sample with port 5000 is from the example server code in the YouTube API NPM module README.

Any way to test OAuth integration to google without having to have a port forwarding rule in my router back to my dev PC?

Any way to test OAuth integration to google without having to have a port forwarding rule in my router back to my development Mac?
Background:
Developing Ruby on Rails web app that will request data from Google Calendar API via OAuth
Using Rails "OAuth Plugin" for this purpose
Developing on MacBook which is running my dev environment
Google needs (as part of OAuth) to make a callback back to my local dev environment
Can't seem to think of a way to test with Google without having to set a Port forwarding rule in my site's router back to my Macbook?
This threw me for a loop too. I actually went through the work of setting it up on a public IP even though I didn't have to in the end.
But yes, your comment is correct. The callback URL is passed on to Google during the redirect then after you've been authenticated with Google, Google will redirect you back to the callback URL providing an authorization code as a parameter.
The only server to server communication that happens is exchanging the authorization code for access and refresh tokens. This typically happens on the callback page. But since it's initiated by your server and not Google, no special open ports are required.

Google OAuth 2 authorization - swapping code for token

I'm trying to implement Google OAuth 2 to get access to Google APIs. I follow this guide, using server-side scenario.
I have no problem with getting the code, server redirects to localhost (which is the only server allowed in redirect URIs for now).
To achieve this, I go to https://accounts.google.com/o/oauth2/auth?client_id=whatever.apps.googleusercontent.com&redirect_uri=http://localhost/&scope=https://www.google.com/m8/feeds/&response_type=code page.
Then I tried using curl (as in the guide) to test whether Google's server responds with an access token. However, it seems to fail very hard. The only response I can get is {"error":"invalid_client"}. I'm sure I provide everything Google wants me to provide: code, client ID, client secret, redirect URI (localhost) and grant_type=authorization_code.
Whole curl command line is:
curl https://accounts.google.com/o/oauth2/token -d "code=<code>&client_id=whatever.apps.googleusercontent.com&client_secret=<won't tell!>&redirect_uri=http://localhost&grant_type=authorization_code"
Am I missing something? How can I exchange code for access token?
Did you urlencode your client secret and redirect url? That works for me.
Should be http%3A%2F%2Flocalhost instead of https://localhost.
I had the same error until I realized that I was trying to connect with a client ID which I created for iOS. So for me the solution was to create a new API key-secret pair on the API Console with the platform set to "other".
Now I'm getting other errors but that's another story. ;)
Happens when you use the wrong Client secret. Make sure you are using the correct Client secret from the Google API console. I was using the Email address, since the API console displays the information in the following order:
Client ID
Email address
Client secret
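An added example (not from any of the posters) for the encoding point raised in the answers above: both requests are built with urlencode so that "/" and ":" in redirect_uri, and any special characters in the client secret, are percent-encoded, and a check confirms that the authorization request and the token request carry byte-for-byte the same redirect_uri. Note that the question's own authorization URL uses http://localhost/ while its curl command uses http://localhost; the check below treats those as different values, which is how the server compares them. The endpoint URLs and client_id are taken from the question; the code and secret are placeholders.

```python
from urllib.parse import parse_qs, urlencode, urlparse

AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/auth"
TOKEN_ENDPOINT = "https://accounts.google.com/o/oauth2/token"

def build_authorization_url(client_id, redirect_uri, scope, state):
    """Browser URL for the authorization request; urlencode percent-encodes every value."""
    params = {"client_id": client_id, "redirect_uri": redirect_uri, "scope": scope,
              "response_type": "code", "state": state}
    return AUTH_ENDPOINT + "?" + urlencode(params)

def build_token_request_body(code, client_id, client_secret, redirect_uri):
    """application/x-www-form-urlencoded body for the POST to TOKEN_ENDPOINT."""
    return urlencode({"code": code, "client_id": client_id, "client_secret": client_secret,
                      "redirect_uri": redirect_uri, "grant_type": "authorization_code"})

def redirect_uris_match(authorization_url, token_body):
    """True only when both requests decode to exactly the same redirect_uri string."""
    from_auth = parse_qs(urlparse(authorization_url).query)["redirect_uri"][0]
    from_token = parse_qs(token_body)["redirect_uri"][0]
    return from_auth == from_token

# Constructed sample: the same client id, scope and endpoints as in the question.
CLIENT_ID = "whatever.apps.googleusercontent.com"
SCOPE = "https://www.google.com/m8/feeds/"
REDIRECT_URI = "http://localhost/"   # one constant reused by both requests

auth_url = build_authorization_url(CLIENT_ID, REDIRECT_URI, SCOPE, state="constructed-state")
token_body = build_token_request_body("PLACEHOLDER_CODE", CLIENT_ID,
                                      "PLACEHOLDER_SECRET", REDIRECT_URI)
```

Send token_body with curl as `-d "$token_body"` or with any HTTP client; because both requests read REDIRECT_URI from one place, the trailing-slash mismatch cannot creep in.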
