Authorization Error, Error 400: redirect_uri_mismatch Gmail API

1
votes

I am following this Ruby Gmail API quickstart guide to authorize a user for the Gmail API. I've created a Web Application type app at Google console and generated it's credentials.json file(and placed it alongside the quickstart.rb). I've provided a redirect_uri to the app which is hosted as a rails app on heroku. The url is in the format as below

https://myapp-api-heroku.com/my_redirect_endpoint

When I run the quickstart.rb, it displays the following message in console

Open the following URL in the browser and enter the resulting code after authorization: https://accounts.google.com/o/oauth2/auth?access_type=offline&approval_prompt=force&client_id=my_client_id_here&include_granted_scopes=true&redirect_uri=urn:ietf:wg:oauth:2.0:oob&response_type=code&scope=https://www.googleapis.com/auth/gmail.readonly

After I open the link in the browser it displays this error

The redirect URI in the request, urn:ietf:wg:oauth:2.0:oob, can only be used by a Client ID for native application. It is not allowed for the WEB client type. You can create a Client ID for native application at https://console.developers.google.com/apis/credentials/oauthclient

I've registered the provided redirect_uri at the google console in the respective application. I'm unable to find what it causing this issue.I eventually want to call this Gmail API from my rails app server, but I'm unable to proceed further.

1
rubygoogle-apigmail-apigoogle-developers-consolegoogle-api-ruby-client

1 Answers

2
votes

There are several types of auth lets look at two of them. The first being web which would be designed to work on a web server where the authorization is returned to the webservier itself to handle it. The second being an installed application which would return the response to local host or the endpoint which sent the reuqest.

The code you are following Ruby quick start states at the top that it is designed to work as a console application or installed app which is why you are seeing urn:ietf:wg:oauth:2.0:oob,that means localhost

Complete the steps described in the rest of this page to create a simple Ruby command-line application that makes requests to the Gmail API.

THe code used to authenticate with the two different types of clients is different. the code in your example is designed to work with an installed application there for for it to work you need to create installed native credentials on google developer console you have created web credentials which will not work with the code you are using.

for a web server application you should be following webauth

require 'google/apis/drive_v2'
require 'google/api_client/client_secrets'

client_secrets = Google::APIClient::ClientSecrets.load
auth_client = client_secrets.to_authorization
auth_client.update!(
  :scope => 'https://www.googleapis.com/auth/drive.metadata.readonly',
  :redirect_uri => 'http://www.example.com/oauth2callback',
  :additional_parameters => {
    "access_type" => "offline",         # offline access
    "include_granted_scopes" => "true"  # incremental auth
  }
)