Google OAuth2.0 redirected URI missing Hash (#) and path-CodePudding

I am implementing OAuth 2.0 with Google API's, but the redirect Uri from Google is missing the hash (#) and path. Which causes my parsing to fail. I am building for Web Browsers.

My Request URI to Google:
https://accounts.google.com/o/oauth2/v2/auth?redirect_uri=http://localhost:4002/sso-callback&response_type=token&state=C2ubRxTMwv&client_id=...

The redirect_uri decodes to http://localhost:4002/sso-callback

Google's Redirect URI:
http://localhost:4002/state=C2ubRxTMwv&access_token=...
Which is missing both the /sso-callback path and the # needed to distinguish the OAuth params when using response_type=token

Google API Settings:

Not sure if this is a config issue, or a Google issue.

CodePudding user response：

When I submit this URL by pasting it in the address bar in Chrome:

https://accounts.google.com/o/oauth2/auth?scope=https://mail.google.com/&response_type=token&client_id=111111-aaaaaaaa.apps.googleusercontent.com&state=1&redirect_uri=http://localhost:3000/callback

I receive a redirect to

 http://localhost:3000/callback#state=1&access_token=ya29.A0ARrdaM-tPsT7jLIaCoVdhHo5vW71tYF1Z4ESfNNzNAh6SN7e_a4x24V0HVu4M427KF3bpWk8-Sm37oUxUHDpA-mMGJrAQPHgMlDA0suMVW2R0WBR_9vQiaPf8cMB8Tna8EH9wLSrm58PG3g30HJWUio1Ytyh&token_type=Bearer&expires_in=3599&scope=https://mail.google.com/

A few notes: Google auth server seems to only use the first redirect URI configured in Google Console. In your case it is

http://localhost:4002

Try placing your desired redirect URI

http://localhost:4002/sso-callback

in the first position in the Console.

CodePudding user response：

Turns out there was an SSR redirect that was breaking the urls that I did not know about. The answer by Delta George got me to try out a few other urls which made the issue clear.