google oauth2 discovery return wrong token_endpoint

Question

Here is the google oauth2 discovery url. https://accounts.google.com/.well-known/openid-configuration And in the response, it looks like this

{
  "issuer": "https://accounts.google.com",
  "authorization_endpoint":"https://accounts.google.com/o/oauth2/v2/auth",
  "token_endpoint": "https://oauth2.googleapis.com/token",
  "userinfo_endpoint": "https://www.googleapis.com/oauth2/v3/userinfo",
  "revocation_endpoint": "https://oauth2.googleapis.com/revoke",
  "jwks_uri": "https://www.googleapis.com/oauth2/v3/certs",
 ...

The token_endpoint in the google document here https://developers.google.com/identity/protocols/OAuth2WebServer#exchange-authorization-code said it should be https://www.googleapis.com/oauth2/v4/token.

Maybe recently the token_endpoint is updated, but when I use https://oauth2.googleapis.com/token this one to exchange token with code., I will get an error response.

 { "error": { "code": 400, "message": "Request contains an invalid argument.", "status": "INVALID_ARGUMENT" } }

And if I use https://www.googleapis.com/oauth2/v4/token to do the same thing, everything is fine.

Is there anything changed in google identify platform? Thanks!

DaImTo DaImTo · Accepted Answer · 2018-09-27T06:28:42

The OAuth endpoint has been updated a number of times over the last five years. I normally follow the one i the discovery doc but your example shows that that is not always the best course of action all of the time.

I have never heard of google shutting down old endpoints i suggest you use the one that works. As a side note i will contact Google to see if i can get some feed back as to why one call worked and the other didnt.

google oauth2 discovery return wrong token_endpoint

1 Answers