
Google Oauth2.0 web application's "Authorized redirect URIs" must end with a public top-level domain (such as .com or .org)?

When I create Google API OAuth 2.0 credentials in the Google Developers Console, I choose the "Web Application" application type.

In the "Authorized redirect URIs" field, I can use http://127.0.0.1/callback, and it works fine for me in local development.

But when I want to use the Google API OAuth 2.0 credentials on my server (let's say 99.99.99.99), I have to use http://99.99.99.99/callback as my "Authorized redirect URIs", but Google gives me a warning:

Invalid Redirect: http://99.99.99.99/callback must end with a public top-level domain (such as .com or .org)

Other than binding a public top-level domain to my server, what else can I do?

I develop in Django and use oauth2client to deal with Google API OAuth2, so there are two tables, "oauth2_authentication_credential" and "oauth2_authentication_flowmodel", in my database that hold the credential values. I copied them from my localhost to the server, but it doesn't work.

GoTop asked Mar 20 '16 02:03



1 Answer

There is help text near the "Authorized redirect URIs" field that clearly states that you cannot use public IP addresses:

Authorized redirect URIs

For use with requests from a web server. This is the path in your application that users are redirected to after they have authenticated with Google. The path will be appended with the authorization code for access. Must have a protocol. Cannot contain URL fragments or relative paths. Cannot be a public IP address.

127.0.0.1 is not a public IP but a loopback address; that's why http://127.0.0.1/callback works fine. localhost can also be used: http://localhost/callback

Other than binding a public top-level domain to my server, what else can I do?

You can use the free DNS service at http://xip.io/. So for IP 99.99.99.99, use http://99.99.99.99.xip.io/callback, and it would be resolved to http://99.99.99.99/callback.

polart answered Oct 08 '22 23:10
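
As an added example (not code from the answer or from Google), the rules quoted in the help text and the error message above can be pre-checked locally before a URI is registered. The function name `check_redirect_uri` and the simplified top-level-domain test are assumptions; Google's actual validator is not shown on this page.

```python
import ipaddress
from urllib.parse import urlsplit


def check_redirect_uri(uri):
    """Return the rule violations for a redirect URI; an empty list means it passes.

    Rules are the ones quoted on this page: must have a protocol, no relative
    paths, no URL fragments, not a public IP address, and a host name must end
    with a public top-level domain.
    """
    parts = urlsplit(uri)
    if not parts.scheme or not parts.netloc:
        # No scheme or no host means a relative path or a scheme-less string.
        return ["must have a protocol and cannot be a relative path"]

    problems = []
    if parts.fragment:
        problems.append("cannot contain URL fragments")

    host = parts.hostname or ""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None

    if ip is not None:
        # Loopback (127.0.0.1, ::1) is non-public. The page does not say how
        # other private ranges are treated; accepting them is an assumption.
        if not ip.is_private:
            problems.append("cannot be a public IP address")
    elif host != "localhost":
        # Assumption: a stand-in for a real Public Suffix List lookup. The
        # last label must be alphabetic and at least two characters long.
        labels = host.split(".")
        tld = labels[-1]
        if len(labels) < 2 or not tld.isalpha() or len(tld) < 2:
            problems.append("must end with a public top-level domain")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs taken from the question and the answer.
    for uri in ("http://127.0.0.1/callback", "http://99.99.99.99/callback",
                "http://99.99.99.99.xip.io/callback", "/callback"):
        print(uri, "->", check_redirect_uri(uri) or "ok")
```

The xip.io form passes only because it is syntactically a domain name; where that name resolves, and therefore where the authorization code is delivered, depends on the xip.io operator's DNS.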