Forum Documentation Showcase Pricing Learn more

Google Sign On 400 Error: URI redirect mismatch

Kindly please take a look at the GIF!

I’ve done this 4 times differently and looked up Google’s documentation and I still get this error.

Kin

Much appreciated guys
Thank you!

kfhwdd

In my sleep I realised that I missed out a step in the workflow for the button to login with google. I fixed it now:

But it still doesn’t work …

Are you running the test with Bubble Debug Mode on?

That adds “?debug_mode=true” to the URI

Nope, its in development mode …

Google is very strict (and annoying) about URLs. They have to match perfectly.

I’m pretty sure its right but I ll check again … maybe with different apps …

This is annoying!

I’ve checked again but no luck, would anyone be able to check the public app? Alongside the API setup? (Below)

Public app:

Screenshot of google console setup:

So if you decode the URL you will see what the issue is.

https://accounts.google.com/o/oauth2/auth?access_type=offline&scope=https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email&response_type=code&redirect_uri=https://sociallogin.bubbleapps.io/index&state={“oauth_provider”:“google”,“resume_key”:“1465882697556x120”,“used_redirect_url”:“https://sociallogin.bubbleapps.io/index”}&prompt=consent&client_id=1061842785319-rac7ij6e6b5k6eh4njsks2oknu7tepm1.apps.googleusercontent.com&from_login=1&as=-6760cd2445f901d5&authuser=0

Your redirect URL is set to your index page, not the success page. If you edit the URL to be the success page it works.And I had to use the Live version too.

https://accounts.google.com/o/oauth2/auth?access_type=offline&scope=https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email&response_type=code&redirect_uri=https://sociallogin.bubbleapps.io/success&state={“oauth_provider”:“google”,“resume_key”:“1465881924290x100”,“used_redirect_url”:“https://sociallogin.bubbleapps.io/success”}&prompt=consent&client_id=1061842785319-rac7ij6e6b5k6eh4njsks2oknu7tepm1.apps.googleusercontent.com&from_login=1&as=-116c9a9cdbcf3fc8&authuser=0

Now…where to specify what the redirect page is in bubble … that is the question.

If you make the redirect the index, then you won’t just restart in the middle of the workflow (Goggle does the redirect for you, so you will never hit that navigation action in your workflow I don’t think).

So I am not quite sure what to suggest really. It doesn’t appear to have created a user in Live for me.

But that is the way the social signup works. You get redirected back to a page. The issue is that you won’t be able to tell you have been redirected. Have a look at the URL again, the “state” parameter is preserved across the calls, so you can use that to work out where you have come from … but it looks like the parameters don’t come back to Bubble, and that isn’t all that helpful.

Have a look at this callback URL from Google using Bubble and Auth0…

I am getting both the auth code and a state back from Google.

Here is a very simple social login test using Auth0 … I need to change it to be the implicit oauth flow (so token back rather than code that I then have to exchange for a token).

Hopefully this helps rather than confuses. I have spent far too long trying to get social login to work, but it might give you some idea of how it works in practice. (p.s. the button on the success page doesn’t do anything, it will eventually use the oauth token to call Google Calendar API for the user that has jut logged in … but all this makes my ears bleed, so approach in short bursts.)

1 Like

Thanks for the reply!

I am digesting away …

  • I didn’t think of decoding the URL. Thats a valuable tip that I’m going to use now onwards as a last resort - thank you Nigel!
  • Yea, setting the index page as the redirect URL works.
  • Regarding the redirect, it seems to me that this is happening:

I am not sure that is how it works. Although could be wrong.

Bubble won’t hold the state of the page in the middle of the workflow when it redirects. So when it comes back to your page it will be a new session. You would have, I think, to recognise it is a redirect from the authorisation and run the workflow to navigate to success on page load.

Maybe. Uncharted territory :slight_smile: