
Google OAuth Installed Application Flow: redirect_uri_mismatch

I am trying to follow this guide: Using OAuth 2.0 for Installed Applications

I get past the first part OK where a user can authorize my app to access their Google Drive. I have successfully retrieved the authorization code after the user grants permission.

Unfortunately I get stuck on the second part: I keep hitting a redirect_uri_mismatch error when sending the POST request to exchange the authorization code for an access token.

The guidance says I should use "The redirect URI you obtained from the Developers Console". I downloaded the credentials from this link in the developers console:

[Image: Google developer console]

Which contained a JSON with the following property:

"redirect_uris":["urn:ietf:wg:oauth:2.0:oob","http://localhost"]

I have tried the request setting redirect_uri to each of these options; I have tried with setting it to an empty string; I have also tried with it missing altogether. Nothing works.

Each time I hit the redirect_uri_mismatch error.

I have also tried posting to this URL from the downloaded credentials:

"token_uri":"https://accounts.google.com/o/oauth2/token"

and also the URL from the guidance page (https://www.googleapis.com//oauth2/v4/token) but each time I hit the same error.

How can I resolve this error and successfully exchange the authorisation code for an access token?

Screenshot example from Fiddler showing one of the many requests I have attempted:

[Image: Fiddler screenshot]

Or a raw HTTP Request example:

POST https://accounts.google.com/o/oauth2/token HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: accounts.google.com
Content-Length: 253
Expect: 100-continue
Connection: Keep-Alive

client_id=175836713882-m783k1ksu2rc6vepq35j4o8hhpk94ndj.apps.googleusercontent.com&client_secret=A---removed-for-security---A&code=4---removed-for-security---E&grant_type=authorization_code&redirect_uri=urn%3aietf%3awg%3aoauth%3a2.0%3aoob

N.B. I am aware there are many answered questions on SO about this error with respect to misspellings of redirect URIs for those following the Web App Authentication flow, but this specifically relates to the Installed application flow. I could find no answered questions relating to this error message on the Installed Application flow.

asked Oct 18 '22 16:10

Stewart_R


1 Answer

This error occurs when the redirect URI set in the authorization request and the redirect URI set in the token request are not the same (it MUST exactly match one of the values listed above).

IMHO, you should first verify the redirect_uri parameter in your authorization request. It should be something like:

https://accounts.google.com/o/oauth2/v2/auth?response_type=code&client_id=175836713882-m783k1ksu2rc6vepq35j4o8hhpk94ndj.apps.googleusercontent.com&redirect_uri=urn%3aietf%3awg%3aoauth%3a2.0%3aoob

answered Jan 04 '23 06:01

Spomky-Labs
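
The check the answer describes, as an added example that is not part of the original question or answer: it compares the redirect_uri sent in the authorization request with the one sent in the token request, and both with the registered values from the downloaded credentials. The authorization URL, the placeholders CLIENT_ID, SECRET and CODE, and the function names are assumptions; the question does not show its authorization request.

```python
import json
from urllib.parse import parse_qs, urlsplit

# Constructed sample data modelled on the values quoted in the question.
# CLIENT_ID, SECRET and CODE are placeholders; AUTH_URL is hypothetical.
REGISTERED = json.loads(
    '{"redirect_uris":["urn:ietf:wg:oauth:2.0:oob","http://localhost"]}'
)["redirect_uris"]
AUTH_URL = (
    "https://accounts.google.com/o/oauth2/v2/auth?response_type=code"
    "&client_id=CLIENT_ID&redirect_uri=http%3A%2F%2Flocalhost"
)
TOKEN_BODY = (
    "client_id=CLIENT_ID&client_secret=SECRET&code=CODE"
    "&grant_type=authorization_code"
    "&redirect_uri=urn%3aietf%3awg%3aoauth%3a2.0%3aoob"
)


def redirect_uri_of(query):
    """Return the percent-decoded redirect_uri of a query string, or None."""
    values = parse_qs(query, keep_blank_values=True).get("redirect_uri", [])
    if len(values) > 1:
        raise ValueError("redirect_uri is sent more than once")
    return values[0] if values else None


def check_redirect_uri(auth_url, token_body, registered):
    """Return a list of problems found across both legs of the flow."""
    sent = {
        "authorization request": redirect_uri_of(urlsplit(auth_url).query),
        "token request": redirect_uri_of(token_body),
    }
    problems = []
    for leg, uri in sent.items():
        if uri is None:
            problems.append(f"{leg}: redirect_uri is missing")
        elif uri not in registered:
            problems.append(f"{leg}: {uri!r} is not a registered redirect URI")
    auth_uri, token_uri = sent.values()
    if auth_uri != token_uri:
        problems.append(f"mismatch: authorized with {auth_uri!r}, "
                        f"exchanging with {token_uri!r}")
    return problems


if __name__ == "__main__":
    for problem in check_redirect_uri(AUTH_URL, TOKEN_BODY, REGISTERED):
        print(problem)
```

With the constructed inputs, both values are registered but differ between the two requests, so the only problem reported is the mismatch.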