
redirect_uri_mismatch The redirect URI in the request, http://localhost:4500/auth/auth/google/callback, does not match

Open yilmazbingo opened this issue 3 years ago • 5 comments

Google is seeing callback url as "http://localhost:4500/auth/auth/google/callback" //double "auth"

This is the callback URL I set in the app settings: http://localhost:4500/auth/google/callback

This is the passport configuration:

```typescript
passport.use(
  new GoogleStrategy.Strategy(
    {
      clientID: process.env.GOOGLE_CLIENT_ID!, // "!" is TypeScript's non-null assertion
      clientSecret: process.env.GOOGLE_CLIENT_SECRET!,
      callbackURL: "auth/google/callback",
    },
    // this is called when user is redirected back to our app
    async (accessToken, refreshToken, profile, done) => {
      const existingUser = await User.findOne({ googleId: profile.id });
      if (existingUser) {
        // return here so done() is not called a second time below
        return done(undefined, existingUser);
      }
      const user = await new User({ googleId: profile.id }).save();
      done(undefined, user);
    }
  )
);
```

Here are the routes:

```typescript
export const authRoutes = (app: Application) => {
  //with passing "google" passport knows that it will use GoogleStrategy
  app.get(
    "/auth/google",
    passport.authenticate("google", { scope: ["profile", "email"] }),
    (req, res) => {
      res.redirect("/");
    }
  );

  // passport sees the code here and it knows that it has to use the code to get user
  app.get("/auth/google/callback", passport.authenticate("google"));
  app.get("/auth/current_user", (req: Request, res: Response) => {
    res.send(req.user);
  });
  app.get("/auth/logout", (req: Request, res: Response) => {
    req.logout();
    res.json({ user: req.user });
  });
};
```

### Environment

* Operating System: Kali Linux 2020
* Node version: v10.21.0

```json
"passport": "^0.4.1",
"passport-google-oauth20": "^2.0.0",
```

![google-oauth](https://user-images.githubusercontent.com/47233790/99930825-83e5a200-2d20-11eb-9021-443d82eb40d5.png)

Nov 23 '20 02:11 yilmazbingo

Hey, have you added http://localhost:4500/auth/google/callback in the Authorised redirect URIs in your console.developers.google.com?

Dec 06 '20 20:12 lily-law

You need to provide a public IP. I don't think google can access localhost. Try providing IP like 127.0.0.1:8080 and adding it to authorized URIs in google dev console. Also try callbackURL : '/auth/google/callback'

Dec 07 '20 15:12 blood-rogue

Your URL contains two levels of auth. You have accidentally added: http://localhost:4500/auth/auth/google/callback. Instead it should be http://localhost:4500/auth/google/callback

Jan 16 '21 14:01 Ritik0602

> Also try callbackURL : '/auth/google/callback'

+1. I'm guessing that is the issue. (leaving off the starting / can, depending on the context/parser, result in it viewing it as a "relative to current url" path, in which case it would take the /auth/google path and find the relative auth... as replacing the right-most path-segment)

Aug 11 '21 20:08 Venryx

I'm getting this with '/login/google/callback' from a https site. The redirect_uri is only http?

I can't add the http version as an authorized redirect as it's in production and Google says:

> Invalid Redirect: This app has a publishing status of "In production". URI must use https:// as the scheme.

Mar 03 '22 03:03 ellenhutchings
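Added example, not part of any comment in this thread and not passport's own code: a small diagnostic that resolves a `callbackURL` against the URL of the request being handled (standard WHATWG `URL` resolution) and reports which part of the result differs from the authorized redirect URIs, which Google compares as exact strings. It covers the relative-path case discussed above and an http/https mismatch. The function names, the `app.example` host, and the assumption that the app sees the request as plain `http` (for instance behind a TLS-terminating proxy) are hypothetical.

```javascript
// Resolve callbackURL the way a link is resolved against the current page.
// An absolute callbackURL (with scheme and host) is returned unchanged.
function resolveCallback(requestUrl, callbackURL) {
  return new URL(callbackURL, requestUrl).href;
}

// Return the redirect_uri that would be sent and, on mismatch, which parts
// differ from the closest entry in the authorized list.
function checkRedirectUri(requestUrl, callbackURL, authorizedUris) {
  const resolved = resolveCallback(requestUrl, callbackURL);
  if (authorizedUris.includes(resolved)) {
    return { resolved, match: true, differs: [] };
  }
  const got = new URL(resolved);
  let best = null;
  for (const uri of authorizedUris) {
    const want = new URL(uri);
    const differs = [];
    if (want.protocol !== got.protocol) differs.push("scheme");
    if (want.host !== got.host) differs.push("host");
    if (want.pathname !== got.pathname) differs.push("path");
    if (want.search !== got.search) differs.push("query");
    if (best === null || differs.length < best.length) best = differs;
  }
  return { resolved, match: false, differs: best || [] };
}

// Constructed sample inputs based on the URLs quoted in the thread.
const LOCAL_AUTHORIZED = ["http://localhost:4500/auth/google/callback"];
const LOCAL_REQUEST = "http://localhost:4500/auth/google";

// Constructed production-style case: the app sees http, the console lists https.
const PROD_AUTHORIZED = ["https://app.example/login/google/callback"];
const PROD_REQUEST_AS_SEEN_BY_APP = "http://app.example/login/google";

// No leading slash: "auth/..." replaces only the last segment of /auth/google.
console.log(checkRedirectUri(LOCAL_REQUEST, "auth/google/callback", LOCAL_AUTHORIZED));
// Leading slash: resolved from the site root, matches the authorized URI.
console.log(checkRedirectUri(LOCAL_REQUEST, "/auth/google/callback", LOCAL_AUTHORIZED));
// Path is right but the scheme is inherited from the request the app saw.
console.log(checkRedirectUri(PROD_REQUEST_AS_SEEN_BY_APP, "/login/google/callback", PROD_AUTHORIZED));
// A fully absolute callbackURL does not depend on the request URL at all.
console.log(checkRedirectUri(PROD_REQUEST_AS_SEEN_BY_APP, PROD_AUTHORIZED[0], PROD_AUTHORIZED));
```

Logging the resolved value next to the `redirect_uri` shown in Google's error page makes it clear whether the path, the scheme, or the host is the part that needs fixing.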