Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Google Cloud Console: Invalid redirect URI

The task I am working now is to set up google authorization to access resources of my organization.

But there is a problem with this task. My organization uses non standard domain for its local network: domain.off. And when I try to set 'http://dev.domain.off:12345/auth/google/callback.html' as a oauth2 callback in the Google Cloud Console (https://cloud.google.com/console) I get 'Invalid redirect URI' error.

I cannot use direct address with correct internet domain because there are many other services in private development domain of my organization I have to use that conflict with different addresses.

I cannot use production enviroment with direct address for the development purposes. Development enviroment has only private addresses, domain.off.

I cannot modify hole development enviroment to change all private dev addresses to public. This is a task of not my compenency.

Is there any solution to my problem? The only solution I see now is to ask google developers to remove or modify URI validator in oauth callback setting form to accept non standard domains.

like image 667
TheRoSS Avatar asked Oct 23 '13 13:10

TheRoSS


People also ask

How do I register redirect URI in Google cloud?

Add a URL redirectGo to your list of load balancers in the Google Cloud console. For a load balancer of type HTTP(S) (Classic), click the load balancer's name link. Click Edit edit. In Host and path rules, select Advanced host and path rule (URL redirect, URL rewrite).

What is invalid redirect URI?

Invalid Redirect URI While working on a web based client, you have to ensure that the redirect URI passed while authentication, is the same as the one given during registration. If the redirect uri is not the one given during registration, an invalid redirect uri error will be thrown.

What is a valid redirect URI?

A redirect URI, or reply URL, is the location where the authorization server sends the user once the app has been successfully authorized and granted an authorization code or access token.


2 Answers

What you probably want is to use one of the alternative Oauth workflows.

If all you want is to use the google cloud from your service, go for a service account as explained here: https://developers.google.com/console/help/new/#generatingoauth2 I have this working at teowaki.com for interacting with google bigquery and it works seamlessly. All you need is to generate a key on the cloud console and place the key on your server.

If you need to identify users, then you can go for the OAuth for installed applications as shown here https://developers.google.com/console/help/new/#generatingoauth2

In this case, you can choose beetween the users going to a URL in which they will be presented a token they need to paste back onto your application, or being redirected to a URL in localhost. Since I assume you are doing a webapp, you should choose the first option and present the users with a token they need to paste. It's probably not the best UX ever, but being an internal application it is probably doable.

like image 131
Javier Ramirez Avatar answered Sep 16 '22 16:09

Javier Ramirez


since you cannot use direct address with correct internet domain

you could try something like this

You can create a master subdomain to get all google auth responses and redirect to correct subdomain using the "state" query parameter.

For example create google.mydomain.com and use it as your valid "Redirect URI" and Apache will redirect this url to each user with redirect (or rewrite) feature.

More info about apache redirects in http://www.simonecarletti.com/blog/2009/01/apache-query-string-redirects/

Here the code:

RewriteEngine On
RewriteCond %{HTTP_HOST} ^google\.
RewriteCond %{QUERY_STRING} state=([a-z0-9]+)
RewriteRule ^(.*)$ http://%1.mydomain.com/$1 [L]
like image 27
Youssef Subehi Avatar answered Sep 18 '22 16:09

Youssef Subehi