I am using Ruby on Rails to access my Gmail account and read emails. I recently changed the password of my account. Since then, I am unable to access the emails using the credentials I was using previously. That is, after changing the password, the client id, client secret and refresh token are invalid.
Tried creating new client id and client secret. But in order to generate the refresh token, I need the authorization code. For this I am performing the following steps:
- Run command: gmail_cli authorize
- Insert newly created client id and client secret
- Access the url returned in the terminal.
On accessing the URL, it throws an error:
Authorization Error Error 400: redirect_uri_mismatch The redirect URI in the request, urn:ietf:wg:oauth:2.0:oob, can only be used by a Client ID for native application. It is not allowed for the WEB client type. You can create a Client ID for native application at https://console.developers.google.com/apis/credentials/oauthclient
I understand that the issue is with the redirect URI. But where should I add it? And what should the URI be?
Any help would be grateful.
CodePudding user response:
After changing the passwords of your account, all refresh tokens will be revoked for that user when one of the gmail scopes was used to create it.
You should simply need to authorize your application again. Remember though with the remove of OOB that you can no longer use the redirect uri of urn:ietf:wg:oauth:2.0:oob
you should instead use localhost.
redirect_uri=http://127.0.0.1:port or http://[::1]:port">http://[::1]:port or
- Making Google OAuth interactions safer by using more secure OAuth flows
- Out-Of-Band (OOB) flow Migration Guide
CodePudding user response:
I was able to resolve the issue. Hence sharing the details for anyone who stumbles on a similar issue. As mentioned by @DalmTo, the client id and secret do not change. I had created new credentials and was trying to get the authorization key for it which was leading to an error.
So the solution is that using the same credentials we just need to create new access key and refresh token.