invalid_client in google oauth2

93
votes

I try to make a web page for youtube video upload, therefore I try to get the client id from google api console, and in the api console it shows something like this:

Client ID: 533832195920.apps.googleusercontent.com
Redirect URIs: http://bobyouku.ap01.aws.af.cm/testyoutube.php
https://developers.google.com/oauthplayground

However when I try to test my account using the following URL:

https://accounts.google.com/o/oauth2/auth?client_id=533832195920.apps.googleusercontent.com&redirect_uri=http%3A%2F%2Fbobyouku.ap01.aws.af.cm%2Ftestyoutube.php&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fyoutube&response_type=code&access_type=offline

It gives out the result of invalid_client. Even when I try it on oauth2 playground, same fail occurs

So anyone knows what's happen?

24
google-oauthgoogle-data-apioauth2-playground
I found that sometimes the oauth2 client id doesn't work. I don't know why, but when I open a new account and create the client id again, it works.Bob
Bob is right, creating the client id solves this problemGabo Esquivel
Make sure when copy/pasting the client id you don't include a trailing space. That did the trick for me...andig
for me, i regenerated client secret and use that it worked. Seems the api is still unstable.Muhammad Talal

24 Answers

114
votes

Set/change your product name, I had this issue until I created a product name as same as project name.

The product name can be set in the Consent screen section of the Google Developers Console for your project. Look under APIs & auth in the left navigation and select Consent screen. You need also to set your email address in the box above the product name.

73
votes

After copy values from Google web UI, I had a blank space for:

  • client_id
  • secret

And at the BEGINNING and at the END for both.

This happens even when clicking on the "copy" button.

41
votes

Trim the leading and trailing white space from both the client_id and client_secret. Google's copy button does not do this for you.

enter image description here

Set both the email address and product name fields for the OAuth consent screen.

enter image description here

16
votes

Setting EMAIL ADDRESS and PRODUCT NAME in the consent screen of Google developer console, solves the error "Error: invalid_client. The OAuth client was not found." for me.

9
votes

I had .apps.googleusercontent.com twice in my ID.

It was a copy and paste issue "Your ID HERE".apps.googleusercontent.com

7
votes

in this thread i found my answer.

  1. I went to google console,
  2. generate a new project, made refresh, because in my case after create the page didn't reload
  3. select new project
  4. create a client ID
  5. use it for what you need

thanks guys :D

7
votes

invalid_client can also simply means that your client ID and client secret are wrong when you create your Oauth2 object.

6
votes

In my case this turned out to be something else, namely my code used an environment variable that hadn't been set properly (and stupidly wasnt checked by my code). Setting it, recompiling assets, and restarting the app did the trick.

5
votes

If you follow the documentation, from this page https://developers.google.com/identity/sign-in/web/sign-in#specify_your_apps_client_id

you'll see

<meta name="google-signin-client_id" content="YOUR_CLIENT_ID.apps.googleusercontent.com">

But it's wrong. It should be 

<meta name="google-signin-client_id" content="YOUR_CLIENT_ID">

The issue is that the '.apps.googleusercontent.com' gets added anyway. If you do it like the documentation says, you get '.apps.googleusercontent.com' twice

4
votes

I solved this by removing unnecessary quotes from my clientID and clientSecret values.

2
votes

Did the error also report that it was missing an application name? I had this issue until I created a project name (e.g. "Project X") in the project settings dialog.

2
votes

probably old credentials are invalid

see the answer below

stackoverflow answer

or short names may work

see the answer below stackoverflow answer

or product name same as project name as answered already

at times one may include extra space in the

check twice this line so that you are redirected to the correct url

1
votes

I solved my problem with trim :

'google' => [
    'client_id' =>trim('client_id),
    'client_secret' => trim('client_secret'),
    'redirect' => 'http://localhost:8000/login/google/callback',
],
1
votes

None of the following were my issue - I resolved this by opening an incognito window. Something was obviously being cached somewhere, no amount of changing auth client settings helped and there were never any trailing or leading spaces in config values.

0
votes

Check your Project name on Google APIs console. you choose another project you created. I was same error. my mistake was choosing diffirent project.

0
votes

At Credentials Accept requests from these HTTP referrers (web sites) (Optional) Use asterisks for wildcards. If you leave this blank, requests will be accepted from any referrer. Be sure to add referrers before using this key in production. Add . (star dot star) . It work fine for me

0
votes

I accidentally had a value in the Client Secret part of the URL, but Google Credential does not need a Client Secret for Android OAuth 2 Client IDs. Simply leaving the value blank in the URL did the trick for me.

0
votes

Steps that worked for me:

  1. Delete credentials that are not working for you
  2. Create new credentials with some NAME
  3. Fill in the same NAME on your OAuth consent screen
  4. Fill in the e-mail address on the OAuth consent screen

The name should be exactly the same.

0
votes

Another thing to check:

When you install the GoogleAPIs into a .Net app with NuGet, it will inject a new set of dummy values in your *.config file.

Check that any original values are still in place, and remove dummy entries.

0
votes

Deleting client ID and creating new one a couple of times worked for me.

0
votes

Mine didn't work because I created it from a button from the documentation. I went again to the project and created another OAuthClientID. It worked. Yes, be careful about the extra spaces on right and left too.

0
votes

For best results make sure you have the complete details as follows:

{"client_id":"282324738-4labcgdsd4nlh34885s2d34tmi.apps.googleusercontent.com","project_id":"abcd23ss-212808","auth_uri":"https://accounts.google.com/o/oauth2/auth","token_uri":"https://www.googleapis.com/oauth2/v3/token","auth_provider_x509_cert_url":"https://www.googleapis.com/oauth2/v1/certs","client_secret":"23452-dfgdfgcdfgfd","redirect_uris":["http://localhost:6900/auth/google/callback"],"javascript_origins":["http://localhost:6900"]}

This data is always available for download as JSON from https://console.developers.google.com/apis/credentials/oauthclient/

0
votes

If you are in Meteor JS, you have to use clientId instead appId:

Since facebook uses appId and google clientId.

ServiceConfiguration.configurations.upsert({
    service: "google"
}, {
    $set: {
        clientId: process.env.OAUTH_GOOGLE_APP_ID,
        loginStyle: "popup",
        secret: process.env.OAUTH_GOOGLE_SECRET
    }
});

I spent some hours to realize over that.

0
votes

I wish I had seen this post before, because there are a lot of things I had to find out trial and error. A lot can go wrong with this. Here's another issue I had:

Whe you specify the Authorised Javascript origins or Authorised redirect URIs, make sure to include your domain with and without www. So https://google.com and https://www.google.com

Also I had uploaded an Application logo. Because of that, the consent screen required a review... which takes forever. Don't upload an Application logo, or be very patient.