I am deploying an app on Heroku that uses Google OAuth2. When I test the app, I go to the auth url (/auth/google) and I see the following error message (note that I replaced domain name with *** just for posting here:
That’s an error.
Error: invalid_client
The OAuth client was not found.
Request Details response_type=code
redirect_uri=https://****.com/auth/google/callback scope=profile email
client_id=process.env.GOOGLE_CLIENT_ID That’s all we know.
I have looked at the following questions before posting and have been trying to debug for several hours:
Error: invalid_client with Google Apps API OAuth2
invalid_client in google oauth2
I have tried to do the following:
Ensure there are no spaces before and after the values in Heroku
The consent screen in Google Console has the name and email address completed
I have renamed the app within Google Console
I have deleted the key/value from Heroku and re-created
Despite all this, I am unable to fix this. Any ideas on what I maybe missing?
The answer is in the question.
Google can't find any reference to your client, which is identified by the client_id in the URL. Instead of a valid client_id (which looks something like "40740878192.apps.googleusercontent.com") you have given a client_id of "process.env.GOOGLE_CLIENT_ID". It looks like a bug in your code that instead of using process.env.GOOGLE_CLIENT_ID as a variable, you have used it as a literal.
Related
I am developing a NextJS application using next-auth with Google Oauth 2 as its authentication provider. The production build is running on Heroku. When attempting to sign in on my production build, Google OAuth is giving me "Error 400: redirect_uri_mismatch". Normally this would be an easy fix, except the exact uri is already registered in Cloud Console.
.
I have also tried added many different permutations of my uri, but this did not help.
This issue not solved by 11485271 or 69151061.
Error in question:
Error 400: redirect_uri_mismatch
You can't sign in to this app because it doesn't comply with Google's OAuth 2.0 policy.
If you're the app developer, register the redirect URI in the Google Cloud Console.
Request Details
If you’re the app developer, make sure that these request details comply with Google policies.
redirect_uri: https://middcourses2.herokuapp.com/api/auth/callback/google
And here is a link to the list of authorized domains in GCP.
Solved! So for some reason, Google changed my Client ID and Client Secret after I already set up those env variables. Once I noticed the change and inputted the new values it worked fine.
For me, clientID was not the issue, but this was due to a trailing slash( / ).
redirect_uri must be an EXACT MATCH on the developers console.
In the Google Cloud console, I had http://localhost:8080 under the redirect URIs in the list while my code was sending http://localhost:8080/ while making the oAuth call.
I got this error when I create new client secret in new project.
That’s an error.
Error: restricted_client
Unregistered scope(s) in the request: https://www.googleapis.com/auth/youtube.readonly
Request Details
access_type=offline
response_type=code
client_id=487794563386-mujtj6b5iatnmvdailldn468gg028p8g.apps.googleusercontent.com
redirect_uri=http://localhost:61515/authorize/
scope=https://www.googleapis.com/auth/youtube.readonly
That’s all we know.
How could I fix that ?
403 errors are errors with the users access. The user you are currently authenticated with does not have permission to do what you are trying to do in your case it appears to have something to do with the following scope.
https://www.googleapis.com/auth/youtube.readonly
Its hard to know what you are doing without seeing your code. I suggest you attempted to authenticate your user again. IF you changed the secret then its not going to work with a refresh token generated by another secret.
I am going to contact Google to be sure that there hasnt been any changes recently. I cant see anything in the change logs myself. There may have been a stealth change that they didnt release.
Status
We have a web application with Google calendar API using OAuth 2.0 client IDs.
The problem is that it works well with the Test app:
http://test.our-domain.com
BUT it doesn't work in the production that has SSL.:
https://app.ourdomain.com
Both are on the same server and on the same domain,
Both are authorized in the Credentials page as
http://test.our-domain.com/callback
and
https://app.ourdomain.com/callback
When the user sign in it looks like the process is OK but the Token does not being saved.
Here is the error we have on the production log - Please help...
2017-11-23 22:49:56,656 [ 33] ERROR DotNetOpenAuth.Http
- WebException from https://accounts.google.com/o/oauth2/token: { "error" : "redirect_uri_mismatch" }
2017-11-23 22:49:56,656 [ 33] ERROR
Client.Management.UserCalendarEntryController
- Failed to get google authenticator for XXXXXXXXXXXXXXXXXX
Blockquote
As referred with this thread, the redirect URI (where the response is returned to) has to be registered in the APIs console, and the error is indicating that you haven't done that, or haven't done it correctly.
Go to the console for your project and look under API Access. You should see your client ID & secret there, along with a list of redirect URIs. If the URI you want isn't listed, click edit settings and add the URI to the list.
Also, be noted that updating the google api console can take some time. Generally only a few minutes but sometimes it seems longer.
(I found your post on xplace, I don't have an account there) - I can help you debug the issue if you'd like. feel free to leave your email and I'll reach out.
I have been using the OAuth approach to upload,update and delete videos on YouTube. That all has been working fine until about February 12th where all of those processes stopped working. Now when I go to delete a YouTube video I get the following error:
"code": 403,
"message": "The video that you are trying to delete cannot be deleted. The request might not be properly authorized."
I know that the OAuth process is working because I can get the token and refresh the token if it has expired. I'm using the latest PHP library that Google have provided (installed using composer). And I can get information about a valid YouTube video by making the following call:
$videoId = "xxxxxxx"; //id of video on YouTube
$youtube->videos->listVideos("snippet", array('id' => $videoId));
But then the delete call gives that error above.
$youtube->videos->delete($videoId);
Since the listVideos works, that confirms that the client_id, secret key and token is correct. I also am setting the scopes to be the following
$client->setScopes(array('https://www.googleapis.com/auth/youtube',
'https://www.googleapis.com/auth/youtube.upload',
'https://www.googleapis.com/auth/youtubepartner'));
I also checked that the credentials and quotas set in the Google APIs are ok. I thought that maybe the quota had been reached but that doesn't appear to be the case. I did see an email from YouTube in early february saying that they have a new terms of service and a developer policies. I reviewed all that but nothing in there appears to point to the issue I am having?
Not sure what else to try?
Try to check my answer here in this SO question that focus on how to Refresh Token with the Google API.
Your error usually caused by:
When the token expires
The token’s scope (this is important)
If the token is invalid
If the token is invalid you can troubleshoot like this:
Remove the access token from your datastore or database.
Use the refresh token to acquire a new access token (if you are using a refresh token)
Try to make the API call again. If it works, you’re good! If not …
Check the access token against the tokenInfo API
If it’s still invalid, do a full reauth
Hope this helps!
I was able to successfully log in using Google Classroom and pull the course data during the trial. This was on my local machine. Now I have moved to my test server. I can still log in via google but can no longer pull the course data. I have already updated my client_secret file (updated the appropriate endpoints) but i get the following error after calling classroom.courses.list
Error: No access or refresh token is set.
Would appreciate anyone's help. I do have Google Classroom API as one of my APIs. Not sure if it's because i'm now on a domain instead of my localhost.
Sadly, I was doing a 2 part registration. The first past, I was setting the token. When the page was submitted again with new details from the user, when I was making the call to google, I hadn't set the token.