
Google API OAuth 2.0 - redirect_uri_mismatch


I've read the plentiful amount of posts about this issue all over StackOverflow, but none of them mirror my case (as in, the solutions in those other posts are things I've already done & the error still persists). I've followed all the instructions to a tee, as far as I can tell anyway, but I am absolutely stuck with this 400 - redirect_uri_mismatch!

TL;DR:

Python + Django web-app.

  1. OAuth Client is listed as web application and is not published.
  2. Redirect URI was added to Credentials, both with and without trailing slash.
  3. Using generic Flow + web-keyword, not InstalledAppFlow
  4. Redirect URI loads and responds to requests
  5. Still redirect_uri_mismatch :-(

Details, screenshots, code, etc. as relevant below.

1. My app is registered as a 'web app' & is in Testing mode:


2. I've added the redirect_uri to Cloud Console:


You'll see I've added variations of it so that I can try all of them - both 127 and localhost, as well as with and without trailing slash.

3. I'm not using InstalledAppFlow, I'm using generic Flow with the 'web' keyword:

    from google_auth_oauthlib.flow import Flow
    from requests_oauthlib import OAuth2Session

    # CLIENT_ID, CLIENT_SECRET, PROJECT_ID, AUTH_URL and SCOPES are defined elsewhere (redacted).
    REDIRECT_URI   = "http://localhost:8000/dev/test/onboard_finalize"

    CLIENT_SECRETS = {
        "web": {
            "client_id": CLIENT_ID,
            "client_secret": CLIENT_SECRET,
            "redirect_uris": [REDIRECT_URI],
            "project_id": PROJECT_ID,
            "auth_provider_x509_cert_url": AUTH_URL,
            "auth_uri": "https://accounts.google.com/o/oauth2/auth",
            "token_uri": "https://oauth2.googleapis.com/token"
        }
    }

    # The session carries the client ID, the scopes and the redirect URI sent to Google.
    sesh = OAuth2Session(CLIENT_ID, scope=SCOPES, redirect_uri=REDIRECT_URI)

    flow = Flow(
        oauth2session = sesh,
        client_type   = "web",
        client_config = CLIENT_SECRETS,
        redirect_uri  = REDIRECT_URI,
        code_verifier = self.state,
    )

    # Build the authorization URL the browser is redirected to.
    url, state = flow.authorization_url(prompt="select_account")

    print("Using REDIRECT_URI:", REDIRECT_URI)
    print("Generated URL:", url)

Which then yields:

Using REDIRECT_URI: http://localhost:8000/dev/test/onboard_finalize  

Generated URL: https://accounts.google.com/o/oauth2/auth?response_type=code&client_id=****.apps.googleusercontent.com&redirect_uri=http%3A%2F%2Flocalhost%3A8000%2Fdev%2Ftest%2Fonboard_finalize&scope=openid+profile&state=lVtLKgPPtyhjjpll5Wd8KEnZjSqGty&code_challenge=****&code_challenge_method=S256&prompt=select_account&access_type=offline

And yet:


Clicking the modal yields:

Request details:  
redirect_uri=http://localhost:8000/dev/test/onboard_finalize

which in this case corresponds to uri #4 in Cloud Console.

oauthplayground also does not work, and the error is exactly the same. The error is in fact exactly the same - identical - for all of the URIs listed.

4. I don't think this is related, but since I have tried everything else - the redirect uri does work:



Solution

  • There is nothing wrong with the above setup, Google just for some reason needed something more than "a few hours" to propagate them to wherever they needed to be. Hard to say exactly how long a period was needed, but at my last test the endpoints had been config'd for at least 9 hours. So for all I know, somewhere between 9 and ~24 hours.
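
A local check that rules out a plain string mismatch before the error is put down to propagation delay, as an added example that is not part of the original question or answer. Google compares the `redirect_uri` parameter against the registered URIs as exact strings; the registered list, the sample URL (with a placeholder client ID) and the function names below are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample data modelled on the question; not the asker's real configuration.
REGISTERED = [
    "http://localhost:8000/dev/test/onboard_finalize",
    "http://localhost:8000/dev/test/onboard_finalize/",
    "http://127.0.0.1:8000/dev/test/onboard_finalize",
    "http://127.0.0.1:8000/dev/test/onboard_finalize/",
]
SAMPLE_AUTH_URL = (
    "https://accounts.google.com/o/oauth2/auth?response_type=code"
    "&client_id=PLACEHOLDER.apps.googleusercontent.com"
    "&redirect_uri=http%3A%2F%2Flocalhost%3A8000%2Fdev%2Ftest%2Fonboard_finalize"
    "&scope=openid+profile&prompt=select_account"
)

def sent_redirect_uri(auth_url):
    """Return the decoded redirect_uri exactly as the authorization server receives it."""
    values = parse_qs(urlsplit(auth_url).query).get("redirect_uri", [])
    if len(values) != 1:
        raise ValueError(f"expected exactly one redirect_uri, found {len(values)}")
    return values[0]

def explain_difference(sent, registered):
    """Name the URI components in which two non-identical URIs differ."""
    a, b = urlsplit(sent), urlsplit(registered)
    diffs = []
    if a.scheme != b.scheme:
        diffs.append("scheme")
    if a.hostname != b.hostname:
        diffs.append("host")  # localhost and 127.0.0.1 are different strings
    if a.port != b.port:
        diffs.append("port")
    if a.path != b.path:
        same_but_slash = a.path.rstrip("/") == b.path.rstrip("/")
        diffs.append("trailing slash" if same_but_slash else "path")
    if a.query != b.query:
        diffs.append("query")
    # urlsplit lowercases the host, so a remaining mismatch is case or encoding.
    return diffs or ["case or encoding"]

def check_redirect_uri(auth_url, registered_uris):
    """Exact-match the sent redirect_uri against the registered list."""
    sent = sent_redirect_uri(auth_url)
    if sent in registered_uris:
        return {"sent": sent, "match": True, "near_misses": {}}
    near = {r: explain_difference(sent, r) for r in registered_uris}
    return {"sent": sent, "match": False, "near_misses": near}
```

If `match` is true for the URL the application actually generates and the consent screen still reports `redirect_uri_mismatch`, the request itself is consistent with the registered values and the cause lies on the provider side, as the answer above found.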