Why is Google Oauth returning `invalid redirect_urI` in my Rails app?

ruby-on-rails oauth

I'm adding Google Oauth2 to a Rails app, but have been unable to get past the early stages.

I've set up an app, and defined client ID and secret.But I'm getting Invalid parameter value for redirect_uri: Non-public domains not allowed: http://localhost/path/to/callback

What does this mean? Is this because I'm testing on a local dev environment?

Thanks for any ideas.

EDIT

This might be because the app's URI differs from the sending URI. But when I go to Google and try to authorize the path to my dev app, I get OAuth2 redirect is invalid. Is this a limitation of using a locally hosted app?

EDIT 2

The request I'm generating looks like this:

https://accounts.google.com/o/oauth2/auth?response_type=code&client_id=###########&redirect_uri=http%3A%2F%2Fmyapp.dev%2Fusers%2Fauth%2Fgoogle_oauth2%2Fcallback&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile&approval_prompt=&access_type=offline

Is this correct. I've tried this with client_id including and excluding the .apps.googleusercontent.com section. Neither seems to work.


Solution 1:

I was getting the redirect error for my python / tornado app running on ubuntu. Using localhost didn't work as the accepted answer highlighted. Google wants a public domain.

My solution was to piggyback "example.com" which is public and create a sub domain in my /etc/hosts file. The sub domain would work on my local dev box and google would be happy with the example.com domain. I registering the redirects via the google console and the redirect worked successfully for me.

I added the following to my /etc/hosts:

192.168.33.100   devbox  devbox.example.com

In my case the IP was that of my machine. I could also have used 127.0.0.1 instead.

My Google API console (https://code.google.com/apis/console) set up for a new client ID was:

  • "Application Type: Web Application".
  • Via "Your site or hostname (more options)":
    • In "Authorized Redirect URIs" I entered http://devbox.example.com/
    • In "Authorized JavaScript Origins" I entered http://devbox.example.com/

Solution 2:

Using xip.io you can provide a public url to redirect to like http://your_pow_app.192.168.0.1.xip.io/user/auth/google_oauth2/callback

Tested and working.

Solution 3:

I used my public hostname. It helps if you have a static IP address. I used http://www.displaymyhostname.com/ to get my hostname. I plugged it straight into the Authorized JavaScript origins field when I created a new Web Application Client ID.

P.S. My hostname looked something like this: 111.111.111.111.static.exetel.com.au

This is my answer to a related question https://stackoverflow.com/a/23517146/1320083

Related

Setting filter on headers of an Excel sheet via POI
How to detect string byte encoding?
How do I define Sequelize.STRING length?
overflow:hidden on inline-block adds height to parent
Apply Color Filter with xml in ImageView
Pylint: overriding max-line-length in individual file
Mercurial: how to undo last unpushed commit?
How do I update metadata for an existing Amazon S3 file?
After groupby, how to flatten column headers?
Preprocessing in scikit learn - single sample - Depreciation warning
How to style MUI Tooltip?
Angular - How can I write a condition in interpolation?