What exactly is redirect_uri in Google OAuth2 request for getting authorization code in Mobile App?
According to the Mobile App Google documentation, there is a parameter named redirect_uri which is not clear to me. For example, in the Web App flow of Google OAuth2, the procedure is some communication between the front-end, the back-end, and the Google server. In fact, the backend prepares two endpoints: one for redirecting to the Google auth page, which will be called by the frontend, and another endpoint, /oauth2callback, which will be called by the Google server as a redirect_uri.
My question is, what's the redirect_uri in the Mobile App flow? Is it the same as my backend /oauth2callback, or does the Mobile App flow not need any backend part?
Is the following procedure true? First, you create web application credentials in the Google developer console, then use the client_id on both the React Native side and the backend side; next you create the /oauth2callback endpoint in the backend and use it as redirect_uri on the native side?
[NOTE]:
Actually, I am going to receive credential stuff from the mobile side including access_token, refresh_token, etc, into the backend and store it into the db and use it for calling google API on the server side.
I also couldn't find a way to raise an issue at https://cloud.google.com/support/!
[UPDATE]
Here's the flow I've implemented:
The same discussion is here (https://github.com/openid/AppAuth-Android/issues/784#issuecomment-999560861). But even after reading that I am not sure how to use an Android App Link (verified https domain) as redirect_uri. If I set a working (tested with Android Studio->Tools->App Link Assistant) https App Link as redirect_uri, I get a redirect_uri_mismatch error.
In my case I have these ingredients:
- debug ApplicationID (com.example.my_app)
- Google Cloud Console credential (Android app type) for the com.example.my_app
- verified domain https://my-mobile-app.com with assetlinks.json
- working App Link https://my-mobile-app.com/oauthcallback (tested in emulator)
I tried (without success) this combination of redirect_uris:
com.my-mobile-app:/oauthcallback:
https://accounts.google.com/o/oauth2/v2/auth?
redirect_uri=com.my-mobile-app%3A%2Foauthcallback&
scope=profile&
response_type=code&
state=strong_state&
client_id=client_id
https://my-mobile-app.com/oauthcallback:
https://accounts.google.com/o/oauth2/v2/auth?
redirect_uri=https%3A%2F%2Fmy-mobile-app.com%2Foauthcallback&
scope=profile&
response_type=code&
state=strong_state&
client_id=client_id
https://github.com/openid/AppAuth-Android/blob/master/app/README-Google.md partially helps me, but now I need to figure out what the correct redirect_uri_path is in my case.
Update1. Maybe this guide is not suitable for App Link case at all.
Update2. Yes, this guide describes the API Console Credentials page client_id based OAuth2 redirection scheme and it works in my application. Just some tweaks in the AndroidManifest.xml intent filter: <data android:pathPattern="/oauth2redirect" android:scheme="com.googleusercontent.apps.CLIENT_ID_PREFIX"/> and redirect_uri becomes com.googleusercontent.apps.CLIENT_ID_PREFIX. But it would be cool to make the App Link redirection scheme work too.
Similar approach works for iOS with custom URL scheme registration in iOS project settings.
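The client_id-based redirect described in the answer above, as an added Node.js example (not code from either post or from AppAuth): it derives the custom scheme from the client ID, builds the authorization URL, and validates the callback before the code is used. It assumes the redirect URI is the manifest's scheme and path joined as scheme:/path; the client ID is a constructed placeholder, and the random state and PKCE (RFC 7636) parameters are additions that replace the fixed state value in the requests shown on the page.

```javascript
const crypto = require('node:crypto');

const AUTH_ENDPOINT = 'https://accounts.google.com/o/oauth2/v2/auth';
const SUFFIX = '.apps.googleusercontent.com';

// "PREFIX.apps.googleusercontent.com" -> "com.googleusercontent.apps.PREFIX:/oauth2redirect"
function redirectUriFor(clientId, path = '/oauth2redirect') {
  if (!clientId.endsWith(SUFFIX)) throw new Error('not a Google OAuth client ID');
  return `com.googleusercontent.apps.${clientId.slice(0, -SUFFIX.length)}:${path}`;
}

// Build the authorization URL with a fresh random state and a PKCE S256 challenge.
function buildAuthRequest(clientId, scope = 'profile') {
  const state = crypto.randomBytes(16).toString('base64url');
  const codeVerifier = crypto.randomBytes(32).toString('base64url');
  const codeChallenge = crypto.createHash('sha256').update(codeVerifier).digest('base64url');
  const redirectUri = redirectUriFor(clientId);
  const url = new URL(AUTH_ENDPOINT);
  url.search = new URLSearchParams({
    client_id: clientId, redirect_uri: redirectUri, response_type: 'code', scope,
    state, code_challenge: codeChallenge, code_challenge_method: 'S256',
  }).toString();
  // state and codeVerifier stay on the device until the callback arrives.
  return { url: url.toString(), state, codeVerifier, redirectUri };
}

// Accept the callback only if it targets our redirect URI and echoes our state.
function parseCallback(callbackUrl, pending) {
  const cb = new URL(callbackUrl);
  const expected = new URL(pending.redirectUri);
  if (cb.protocol !== expected.protocol || cb.pathname !== expected.pathname) {
    throw new Error('callback does not match redirect_uri');
  }
  const got = Buffer.from(cb.searchParams.get('state') || '');
  const want = Buffer.from(pending.state);
  if (got.length !== want.length || !crypto.timingSafeEqual(got, want)) {
    throw new Error('state mismatch');
  }
  if (cb.searchParams.has('error')) throw new Error(`authorization failed: ${cb.searchParams.get('error')}`);
  const code = cb.searchParams.get('code');
  if (!code) throw new Error('no authorization code in callback');
  return { code, codeVerifier: pending.codeVerifier };
}

// Constructed placeholder client ID, not a real credential.
const pending = buildAuthRequest('1234567890-abcdef.apps.googleusercontent.com');
console.log(pending.url);
```

The returned code and codeVerifier are what the token request needs next; that exchange is not shown here.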
