In the 'Authorized redirect uri's' (Google cloud console, oauth2.0) I put https://XXX.herokuapp.com/auth/google/callback but when I try to sign in it gives me Error 400: redirect_uri_mismatch. But when I change it to 'http', the sign in works. My heroku app is https only. But this causes the rest of the site to be http which isn't good and google itself doesn't let me publish unless the http request is turned to https. I don't know what to do...plz help.
This is my auth.js
const express = require("express");
const router = express.Router();
const passport = require("passport");
//Authenticate with google
//GET /auth/google
router.get("/google", passport.authenticate("google", { scope: ["profile"] }));
//Google auth callback
//GET /auth/google/callback
router.get("/google/callback", passport.authenticate("google", { failureRedirect: "/" }),
function (req, res) {
// Successful authentication, redirect home.
res.redirect("/something");
}
);
router.get("/logout", (req, res) => {
req.logout();
res.redirect("/");
});
module.exports = router;
This is the error when using https as the redirect URI
Authorization Error
Error 400: redirect_uri_mismatch
You can't sign in to this app because it doesn't comply with Google's OAuth 2.0 policy.
If you're the app developer, register the redirect URI in the Google Cloud Console.
Learn more
Request Details
The content in this section has been provided by the app developer. This content has not been reviewed or verified by Google.
If you’re the app developer, make sure that these request details comply with Google policies.
redirect_uri: http://XXX.herokuapp.com/auth/google/callback
So I got the answer, in my passport.js, (which I didn't mention in the question) instead of
as the callbackURL
I wrote the whole url with https, like this:
https://XXX.herokuapp.com/auth/google/callback