Cross-platform Google OAuth Signin: redirect_uri mismatch

Question

I use Google OAuth for authenticating users on my application and face an issue with redirect_uri to support multiple client apps.

On the server-side, I provide a REST API which uses the Google PHP SDK, the login flow is almost similar to what's described here: https://developers.google.com/identity/sign-in/web/server-side-flow

I have two client apps: a website using the JavaScript SDK and an Android app using the android client, implemented as https://developers.google.com/identity/sign-in/android/start-integrating

I have no redirect_uri's configured in Google console. My issue is that I set the redirect_uri to postmessage in my server code, but I'm unable to get this working with the Android app: I get a redirect_uri mismatch error.

$this->client = new Google_Client;
$this->client->setRedirectUri('postmessage');

Without this uri, google login on my web client throws an error `Error fetching OAuth2 access token, message:

invalid_request: Missing parameter: redirect_uri

If I do not specify a redirect_uri, login works fine on Android, but the web-client doesn't work. How do I workaround this?

Answer 1

You need to set the redirect uri as following:

1. If it's web sdk set it to 'postmessage'
2. If it's mobile (android in your case) set it to '' (empty string)

Pass from the client some kind of identifier so you will know in the server which redirect uri you should set.