Issue with Google OAuth and passport-google-oauth package (redirect_uri_mismatch)


I'm encountering an issue with implementing Google OAuth using the passport-google-oauth package in my Node.js application. I would appreciate any assistance or insights you can provide to help resolve the problem.

Here are the details of my setup:

I am using the passport-google-oauth package to handle Google OAuth authentication in my application.

The client I have created in the Google Cloud Console is of type "Web application."

I have configured the Authorized JavaScript origins in the Google Cloud Console to include the correct HTTPS URL for my application (e.g., https://{my-domain}).

I have also added the appropriate Authorized redirect URIs, including https://{my-domain}/login/google/callback, which is the callback URL specified in my application.

However, when attempting to authenticate with Google, I receive a redirect_uri_mismatch error. Upon inspecting the error details, it suggests adding a redirect URL in the format of redirect_uri=http://{my-domain}/login/google/callback. Please note that my URL is actually in HTTPS format (https://{my-domain}/login/google/callback), which is the URL I have correctly specified as an Authorized redirect URI in the Google Cloud Console.

I have already tried the following steps to troubleshoot the issue:

Verified that the clientID and clientSecret values used in the GoogleStrategy configuration are correct.

Ensured that my application is running on the correct HTTPS URL.

Checked for any misconfiguration in my Apache web server and SSL settings.

Verified that the necessary firewall rules are in place to allow outgoing connections.

Despite these efforts, the issue persists, and I am unable to authenticate with Google using OAuth in my production environment. The same code works fine on my local machine, which suggests that there might be a configuration or compatibility issue specific to the production environment.

If anyone has encountered a similar problem or has any suggestions on how to resolve this issue with passport-google-oauth and the redirect_uri_mismatch error, I would greatly appreciate your input.

This is my code:

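const express           = require('express');
const passport          = require('passport');
const GoogleStrategy    = require('passport-google-oauth').OAuth2Strategy;

const router = express.Router();

// Remember the cart across the OAuth round trip, then start the Google flow.
router.get('/google', function(req, res, next) {
    req.session.cartId = req.query.cartId;
    next();
}, passport.authenticate('google', { scope : ['profile', 'email']}));

// Google redirects back here; authenticateAndRedirect is defined elsewhere in the app.
router.get('/google/callback', (req, res, next) => {
    return authenticateAndRedirect('google', req, res, next);
});

passport.use(new GoogleStrategy({
    clientID: process.env.OAUTH2_ID,
    clientSecret: process.env.OAUTH2_SECRET,
    // Relative callback path, as originally posted.
    callbackURL: "/login/google/callback"
  },
  // Verify callback: link the Google profile to an existing user or create one.
  // User and createNewUser are defined elsewhere in the app.
  async (accessToken, refreshToken, profile, done) => {
    try {
        const email = profile.emails[0].value.toLowerCase();
        let user = await User.findOne({ email });
        if (user) {
            console.log('user exists');
            user.googleId = profile.id;
            user = await user.save();
            return done(null, user);
        } else {
            console.log('creating new user');
            return createNewUser(profile, email, done);
        }
    } catch (err) {
        // Pass lookup/save failures to passport instead of leaving the promise rejected.
        return done(err);
    }
  }
));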

EDIT: Fixed it by replacing the URL "/login/google/callback" in the new GoogleStrategy with the full URL: https://{my-domain}/login/google/callback. For some reason Google was looking for an http URL, and adding the full one with 'https' solved it.
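
The mismatch described in this question can be reproduced with a small model of how a relative callbackURL is resolved against the incoming request when TLS is terminated at a reverse proxy such as Apache. This is an added example, not code from the original post or from passport; the function names `originalUrl` and `resolveCallback`, the host `shop.example` and the sample request are constructed for illustration.

```javascript
// Added illustration: simplified model of resolving a relative OAuth callback URL
// against the request the Node process actually receives. Names are hypothetical.

// Rebuild the URL the app believes it was requested on.
function originalUrl(req, trustProxy) {
  const fwdProto = (req.headers['x-forwarded-proto'] || '')
    .toLowerCase().split(/\s*,\s*/)[0];
  // Without proxy trust, only a TLS socket on the Node side counts as https.
  const tls = Boolean(req.encrypted) || (trustProxy && fwdProto === 'https');
  // Forwarded host is honoured only when the proxy is trusted.
  const host = (trustProxy && req.headers['x-forwarded-host']) || req.headers.host;
  return `${tls ? 'https' : 'http'}://${host}${req.url || ''}`;
}

// Absolute callback URLs pass through untouched; relative ones inherit
// scheme and host from the request.
function resolveCallback(callbackURL, req, trustProxy = false) {
  if (/^[a-z][a-z0-9+.-]*:\/\//i.test(callbackURL)) return callbackURL;
  return new URL(callbackURL, originalUrl(req, trustProxy)).toString();
}

// Constructed request: the browser used HTTPS, the proxy terminated TLS
// and forwarded plain HTTP to Node.
const proxied = {
  encrypted: false,
  url: '/login/google',
  headers: { host: 'shop.example', 'x-forwarded-proto': 'https' },
};

// Relative path, proxy not trusted: the redirect_uri sent to Google is http.
console.log(resolveCallback('/login/google/callback', proxied));
// Relative path, proxy trusted: the forwarded scheme is used.
console.log(resolveCallback('/login/google/callback', proxied, true));
// Absolute URL: independent of any request header.
console.log(resolveCallback('https://shop.example/login/google/callback', proxied));
```

Besides the hard-coded absolute URL used in the EDIT, Express's `trust proxy` setting or the strategy's `proxy: true` option make the forwarded headers authoritative. Enable them only when the proxy overwrites `X-Forwarded-Proto` and `X-Forwarded-Host`, since a client-supplied value would otherwise shape the redirect_uri.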
