
Google oAuth2 flow - what am I doing wrong?


I have an SPA hosted at http://localhost:4200. I also have an API hosted at http://localhost:1337.

My SPA is using Torii to handle the flow and I get back the authorizationCode which I then try to send to my server for processing.

Here is my configuration over at google:

[Image: Google oAuth config]

As you can see I've included all of the possible URLs just in case!

Now, when I pass that authorizationCode to my server to validate and then provide the client with a session, I always get back redirect_uri_mismatch - even though I can see in the request to Google that the redirectUrl is exactly what is listed in the oAuth config page:

http://localhost:1337/api/v1/auths/google_oauth2

Am I doing this wrong? Should I be able to kick off the process from the browser then validate the authorizationCode from the server?

I can confirm that the api key and client id and secret are all correct.

[UPDATE]

Here is the repo: https://github.com/wayne-o/ember-waterlock-example


Solution

  • In order to do this, the source and redirect URL need to be the same. This is a pain, as I've read in the Google docs that you can share auth codes across various application "packages" which might be hosted in different places.

    Anyway - to make this work you can proxy the API through ember using the following command:

    ember server --proxy http://localhost:1337
    

    Then configure everything to run through http://localhost:4200 - including all of the URLs you might have over at google oauth console.

    From there on in all of your wildest dreams come true.

    It's lame as AFAICS this should work without the need for all this.
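
As an added illustration (not part of the question or the answer, and not code from the linked repo): RFC 6749 section 4.1.3 requires the redirect_uri sent when redeeming the code to be identical to the one in the authorization request, so registering every URL does not help if the browser and the server send different values. The sketch assumes the Torii-initiated request used a :4200 URI; `diagnoseRedirectUri`, the endpoint host and all placeholder values are hypothetical.

```javascript
// Added example, not code from the post. Sample values are constructed; only the
// :1337 callback URL is quoted from the question.
function componentDiff(a, b) {
  const ua = new URL(a), ub = new URL(b);
  const diffs = [];
  for (const part of ['protocol', 'hostname', 'port', 'pathname', 'search']) {
    if (ua[part] !== ub[part]) diffs.push(`${part}: "${ua[part]}" vs "${ub[part]}"`);
  }
  // URL parsing normalises some inputs, so fall back to the raw comparison.
  return diffs.length ? diffs : ['raw strings differ after normalisation'];
}

function diagnoseRedirectUri({ authorizationUrl, tokenRequestBody, registered }) {
  const authUri = new URL(authorizationUrl).searchParams.get('redirect_uri');
  const tokenUri = new URLSearchParams(tokenRequestBody).get('redirect_uri');
  const findings = [];
  if (!authUri) findings.push('authorization request carries no redirect_uri');
  if (!tokenUri) findings.push('token request carries no redirect_uri');
  for (const [stage, uri] of [['authorization', authUri], ['token', tokenUri]]) {
    if (uri && !registered.includes(uri)) {
      findings.push(`${stage} redirect_uri is not registered: ${uri}`);
    }
  }
  if (authUri && tokenUri && authUri !== tokenUri) {
    findings.push(`stages differ (${componentDiff(authUri, tokenUri).join('; ')})`);
  }
  return { ok: findings.length === 0, authUri, tokenUri, findings };
}

const API_CALLBACK = 'http://localhost:1337/api/v1/auths/google_oauth2'; // from the question
const SPA_CALLBACK = 'http://localhost:4200/';                           // assumed
const PROXIED_CALLBACK = 'http://localhost:4200/api/v1/auths/google_oauth2'; // assumed

// Hypothetical authorization endpoint and client_id placeholders.
const authUrlFor = (uri) => 'https://authorization-server.example/auth?response_type=code' +
  '&client_id=CLIENT_ID&redirect_uri=' + encodeURIComponent(uri);
const tokenBodyFor = (uri) => new URLSearchParams({
  grant_type: 'authorization_code', code: 'CODE_PLACEHOLDER', redirect_uri: uri,
}).toString();

// Browser starts the flow on :4200, server redeems on :1337: both registered, yet the stages disagree.
const splitOrigins = diagnoseRedirectUri({
  authorizationUrl: authUrlFor(SPA_CALLBACK), tokenRequestBody: tokenBodyFor(API_CALLBACK),
  registered: [SPA_CALLBACK, API_CALLBACK] });
// After proxying the API through :4200, both stages send the same value.
const proxied = diagnoseRedirectUri({
  authorizationUrl: authUrlFor(PROXIED_CALLBACK), tokenRequestBody: tokenBodyFor(PROXIED_CALLBACK),
  registered: [PROXIED_CALLBACK] });
console.log(splitOrigins.findings, proxied.ok);
```

Feeding it the authorization URL captured from the browser and the form body the server posts to the token endpoint shows which stage, and which URL component, is out of step.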