[Fixed]-Google Oauth2.0 web application's "Authorized redirect URIs" must end with a public top-level domain (such as .com or .org)?

25👍

There is help text near “Authorized redirect URIs” field, that clearly states that you cannot use public IP addresses:

Authorized redirect URIs

For use with requests from a web server. This
is the path in your application that users are redirected to after
they have authenticated with Google. The path will be appended with
the authorization code for access. Must have a protocol. Cannot
contain URL fragments or relative paths. Cannot be a public IP
address.

127.0.0.1 is not public IP, but a loopback, that’s why http://127.0.0.1/callback works fine. localhost also could be used: http://localhost/callback

Except to bind a public top-level domain to my server, what else can I do?

You can use free DNS by http://xip.io/. So for IP 99.99.99.99 use http://99.99.99.99.xip.io/callback. And it would be resolved to http://99.99.99.99/callback.

👤polart

Leave a comment