shrhoads / gwt-oauth2

OAuth2 Client Bindings for the GWT generated javascript
Apache License 2.0
0 stars 0 forks source link

redirect_uri_mismatch Error 400 #2

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?

Using the demo app call

AuthRequest req = new 
AuthRequest(GOOGLE_AUTH_URL,    GOOGLE_CLIENT_ID).withScopes(BUZZ_READONLY_SCOPE);

This causes the error 400, redirect_uri_mismatch

Original issue reported on code.google.com by giulio.r...@gmail.com on 27 May 2011 at 1:19

GoogleCodeExporter commented 9 years ago
I've debugged the problem and the library hardcode redirect_uri with value 
oauthWindow.html. Instead the it is generated by google api console: 
https://code.google.com/apis/console

I've changed the library passing the redirect_uri to Auth.login method. In 
attachment the src. To use it in your application set properly the:
- GOOGLE_CLIENT_ID
- redirectUrl

Original comment by giulio.r...@gmail.com on 27 May 2011 at 1:48

Attachments:

GoogleCodeExporter commented 9 years ago
The Getting Started guide describes this, but possibly could be more clear: 
"The redirect URL provided by the library is oauthWindow.html, and is hosted at 
the base path of your GWT app. Remember to add this URL to your auth provider's 
redirect URLs whitelist, otherwise you will only receive errors indicating "the 
redirect URI does not match.""

You should change the redirect URIs accepted by the APIs Console to include 
oauthWindow.html, since oauthWindow.html is an important component of the 
smoothness of the library's login process.

Specifying another redirect URI to use is not preferrable because it will send 
your user to another page, and will not be able to communicate with your GWT 
application that access has been given -- the callback you give to Auth.login() 
will not be fired.

Original comment by jasonhall@google.com on 27 May 2011 at 1:55

GoogleCodeExporter commented 9 years ago
Thanks for the clarification! I'm going to add oauthWindow.html to allowed 
redirect URIs.

Just an improvment: adding to login the possibility to add the redirect_uri 
increase the library flexibility. If the parameter is not passed the library 
uses oauthWindow.html otherwise uses what you set.

Original comment by giulio.r...@gmail.com on 27 May 2011 at 2:10

GoogleCodeExporter commented 9 years ago
The problem there is that if the user is redirected to another URI besides 
oauthWindow.html, then the callback in your code will never fire, and you'll 
have no idea whether they granted access or not.

I see where you're coming from, but I'm not sure that adding this flexibility 
will improve the overall developer/user experience, and will add complexity to 
the code and API of the library.

Original comment by jasonhall@google.com on 27 May 2011 at 2:16

GoogleCodeExporter commented 9 years ago
Got it!

Original comment by giulio.r...@gmail.com on 27 May 2011 at 2:18

GoogleCodeExporter commented 9 years ago
I have added it to my redirect URL's and I still have the same problem
My redirect URL's are:

https://www.crisisdb.com/cdb/oauth2callback
https://www.crisisdb.com/cdb/oauthWindow.html

I have also copied the "oauthWindow.html" file and placed it in the same 
directory as the "js" file and sample code.  

Original comment by SamDzir...@gmail.com on 19 Jan 2012 at 3:38