I wanted to implement a flow described in this question:
Authenticating with OAuth2 for an app *and* a website
Google's solution for this requirement is described here:
https://developers.google.com/identity/protocols/CrossClientAuth#offlineAccess
I followed this guide, but unfortunately when I use the authorization code in the backend to get access to the token and refresh the token from Google, Google throws this error:

```
{
  "error": "invalid_request",
  "error_description": "Missing parameter: redirect_uri"
}
```

`redirect_uri` has no meaning for this situation because the client side is Android.

There is also some advice that says to use "postmessage" as the redirect URI, or to use http://localhost as the redirect URI, or to add the server address to the redirect URIs in your Google app console, but none of it works for this flow.
I spent two days researching almost all the issues on Stack Overflow and Google before deeply investigating the AppAuth library (https://openid.github.io/AppAuth-iOS/ and https://openid.github.io/AppAuth-Android/) and finally found an answer.
So, there are two rules I've found:

1. `redirect_uri` should be one of:
   - `bundle_id` or `package_name` + `:/` or `://` + *your_path* (for example `com.example.myapp://google_auth`)
   - `client_id` in reverse DNS form + `:/` or `://` + *your_path* (for example `com.googleusercontent.apps.*account_id*:/my_path`)
2. `redirect_uri` in the initial authorization code request (`https://accounts.google.com/o/oauth2/v2/auth`) and in the authorization code exchange request (`https://www.googleapis.com/oauth2/v4/token`) must be totally the same.
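
The two rules above as a backend-side check, in an added example that is not part of the original post or of AppAuth. The client ID, package name, scope and authorization code are constructed sample values, the function names are hypothetical, and the parameter names are the standard OAuth 2.0 ones.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"  # from the post
TOKEN_ENDPOINT = "https://www.googleapis.com/oauth2/v4/token"   # from the post

# Constructed sample values, not real credentials.
CLIENT_ID = "1234567890-example.apps.googleusercontent.com"
PACKAGE_NAME = "com.example.myapp"


def reverse_dns(client_id):
    """'<id>.apps.googleusercontent.com' -> 'com.googleusercontent.apps.<id>'."""
    return ".".join(reversed(client_id.split(".")))


def redirect_uri_allowed(redirect_uri, app_id, client_id):
    """Rule 1: the scheme is the bundle id / package name or the reversed
    client id, followed by ':/' or '://' and a non-empty path."""
    scheme, sep, rest = redirect_uri.partition(":")
    if not sep or scheme not in {app_id, reverse_dns(client_id)}:
        return False
    if rest.startswith("//"):
        path = rest[2:]
    elif rest.startswith("/"):
        path = rest[1:]
    else:
        return False
    return bool(path) and not path.startswith("/")


def build_auth_url(client_id, redirect_uri, scope):
    """Authorization request as the mobile client would open it."""
    query = urlencode({"response_type": "code", "client_id": client_id,
                       "redirect_uri": redirect_uri, "scope": scope})
    return f"{AUTH_ENDPOINT}?{query}"


def build_token_body(code, client_id, redirect_uri, auth_url):
    """Rule 2: build the form body for TOKEN_ENDPOINT only if redirect_uri is
    byte-for-byte the value sent in the authorization request.
    Nothing is sent over the network here."""
    sent = parse_qs(urlsplit(auth_url).query)["redirect_uri"][0]
    if sent != redirect_uri:
        raise ValueError(f"redirect_uri mismatch: {sent!r} != {redirect_uri!r}")
    return urlencode({"grant_type": "authorization_code", "code": code,
                      "client_id": client_id, "redirect_uri": redirect_uri})
```

Comparing the two values as exact strings catches the `:/` versus `://` difference, which is easy to miss when the mobile client and the backend are configured separately.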