
OAuth2 Authentication for internal application


Do I need to have a public IP address and public DNS resolution for my application to use OAuth2? I want to configure a login with Google for an internal web application on my VPC. The application server is accessible only via VPN, has a private IP address, and uses an internal DNS record that is not exposed to the internet. The application can connect to the internet.

The application's OAuth configuration requires a callback_url. Does the callback URL need to be accessible from the authorization server?


Solution

  • The callback URL only needs to be contactable from the app - which most commonly is the user's browser. So private URLs are fine.

    It is common for developers to use a callback URL such as http://localhost:3000/myapp/callback, and these work fine with OAuth. The Authorization Server does not itself try to make HTTP calls to the callback URL.
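The redirect described in the answer, as an added example that is not part of the original answer: a simulated authorization server answers the browser with a 302 to the registered callback without ever connecting to it, and the app checks `state` when the browser arrives. The hostnames, client ID and code value are constructed, and `auth.example.com` is a hypothetical authorization server.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed values: hypothetical authorization server and internal-only app host.
AUTHORIZE_ENDPOINT = "https://auth.example.com/authorize"
REDIRECT_URI = "https://app.internal.example/oauth/callback"  # resolves only on the VPN
REGISTERED_REDIRECTS = {"demo-client": {REDIRECT_URI}}


def build_authorization_url(client_id, redirect_uri, state):
    """App side: the URL the user's browser is sent to."""
    query = urlencode({"response_type": "code", "client_id": client_id,
                       "redirect_uri": redirect_uri, "state": state})
    return f"{AUTHORIZE_ENDPOINT}?{query}"


def authorization_server_redirect(auth_url):
    """Simulated authorization server: string-compares redirect_uri against the
    registered set and answers the browser with a 302. It never connects to it."""
    params = {k: v[0] for k, v in parse_qs(urlsplit(auth_url).query).items()}
    if params["redirect_uri"] not in REGISTERED_REDIRECTS.get(params["client_id"], set()):
        return 400, None  # unregistered redirect_uri: refuse, do not redirect
    back = urlencode({"code": "constructed-auth-code", "state": params["state"]})
    return 302, f"{params['redirect_uri']}?{back}"


def handle_callback(callback_url, expected_state):
    """App side: runs when the browser (on the VPN) follows the Location header."""
    params = {k: v[0] for k, v in parse_qs(urlsplit(callback_url).query).items()}
    if not hmac.compare_digest(params.get("state", ""), expected_state):
        raise ValueError("state mismatch: callback not tied to this login attempt")
    return params["code"]  # next: exchanged at the token endpoint by an outbound call


def run_flow(redirect_uri=REDIRECT_URI):
    state = secrets.token_urlsafe(16)
    status, location = authorization_server_redirect(
        build_authorization_url("demo-client", redirect_uri, state))
    if status != 302:
        return status, None
    return status, handle_callback(location, state)


if __name__ == "__main__":
    print(run_flow())
    print(run_flow("https://other.example/callback"))
```

The only inbound request to the private callback comes from the user's browser; the app's own traffic to the authorization server is outbound.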