Tags: oauth-2.0, google-api, google-oauth

Google OAuth2 Error - Desktop App doesn't comply


I'm trying to authenticate my Desktop Application via Google OAuth 2.0. Unfortunately I'm getting the following error every time I call the https://oauth2.googleapis.com/token endpoint:

{
  "error": "invalid_request",
  "error_description": "You can't sign in to this app because it doesn't comply with Google's OAuth 2.0 policy for keeping apps secure. You can let the app developer know that this app doesn't comply with one or more Google validation rules."
}

Here is my project setup in the Google Cloud Console:

  • Publishing Status: Testing
  • Testers added via E-Mail
  • OAuth client ID for application type Desktop app created

I have no idea what I'm doing wrong. The first few steps - opening the browser and logging in with an account that is a registered tester - work flawlessly. This is done through the following URL:

https://accounts.google.com/o/oauth2/v2/auth/oauthchooseaccount?response_type=code&client_id=<client-id>&redirect_uri=http%3A%2F%2Flocalhost%3A8080&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcloud-platform.read-only&access_type=offline&include_granted_scopes=true&service=lso&o2v=2&flowName=GeneralOAuthFlow

As you can see, I set http://localhost:8080 as the redirect_uri. A local web server is running on that port and eventually - after going through the login in the browser - I get the code, but calling the https://oauth2.googleapis.com/token endpoint with the necessary form parameters results in the 400 error mentioned earlier.


Solution

  • I found the solution. My Desktop application is using Ktor and this is the code that I used when sending the request to https://oauth2.googleapis.com/token:

    // Token exchange with Ktor's submitForm. Parameters.build already
    // form-encodes every value, so each value must be passed raw.
    val response = client.submitForm(
        url = "https://oauth2.googleapis.com/token",
        formParameters = Parameters.build {
            append("code", <code>)
            append("client_id", <id>)
            append("client_secret", <secret>)
            // Bug: encodedRedirectUri is already percent-encoded, so it gets encoded a second time here
            append("redirect_uri", encodedRedirectUri)
            append("grant_type", "authorization_code")
        },
    )
    

    The problem: my redirect_uri. I passed it already encoded, so my http://localhost:8080 became http%253A%252F%252Flocalhost%253A8080 instead of http%3A%2F%2Flocalhost%3A8080 (double-encoded), resulting in the "400 - Bad Request" error.
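To make the encoding behaviour concrete, here is an added Python example (not the asker's Ktor code) using only the standard library: the form encoder percent-encodes redirect_uri once, so feeding it the pre-encoded value copied from the authorization URL produces the double-encoded string from the answer, and a small pre-flight check decodes the body the way the token endpoint would and compares it with the redirect_uri used in the authorization request. The code, client id and secret are constructed placeholders.

```python
from urllib.parse import quote, urlencode, parse_qs

# Constructed sample values standing in for the real code, client id and secret.
REDIRECT_URI = "http://localhost:8080"
# The value the answer passed by mistake: redirect_uri percent-encoded up front.
PRE_ENCODED_REDIRECT_URI = quote(REDIRECT_URI, safe="")
SAMPLE_CODE = "4/0AX-constructed-authorization-code"
SAMPLE_CLIENT_ID = "123456789-constructed.apps.googleusercontent.com"
SAMPLE_CLIENT_SECRET = "constructed-client-secret"

def authorization_url(client_id, redirect_uri, scope):
    """Authorization URL as in the question; urlencode percent-encodes each value once."""
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "access_type": "offline",
    })
    return "https://accounts.google.com/o/oauth2/v2/auth?" + query

def token_request_body(code, client_id, client_secret, redirect_uri):
    """Form body for the token endpoint. Pass redirect_uri raw: the form
    encoder percent-encodes it, exactly as it did for the authorization URL."""
    return urlencode({
        "code": code,
        "client_id": client_id,
        "client_secret": client_secret,
        "redirect_uri": redirect_uri,
        "grant_type": "authorization_code",
    })

def redirect_uri_seen_by_server(body):
    """Decode the form body once, the way the token endpoint does."""
    return parse_qs(body)["redirect_uri"][0]

def redirect_uri_matches(body, expected):
    """Pre-flight check: after one decode the server must see exactly the
    redirect_uri used in the authorization request (OAuth requires an exact match)."""
    return redirect_uri_seen_by_server(body) == expected

if __name__ == "__main__":
    good = token_request_body(SAMPLE_CODE, SAMPLE_CLIENT_ID, SAMPLE_CLIENT_SECRET, REDIRECT_URI)
    bad = token_request_body(SAMPLE_CODE, SAMPLE_CLIENT_ID, SAMPLE_CLIENT_SECRET, PRE_ENCODED_REDIRECT_URI)
    print(good)  # ...&redirect_uri=http%3A%2F%2Flocalhost%3A8080&...
    print(bad)   # ...&redirect_uri=http%253A%252F%252Flocalhost%253A8080&...
    print(redirect_uri_matches(good, REDIRECT_URI), redirect_uri_matches(bad, REDIRECT_URI))  # True False
```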