redirect_uri_mismatch
What this error means
The OAuth server received an authorization request with a redirect_uri that doesn't exactly match any URI registered for that application. The match must be exact — including protocol, domain, path, trailing slash, and port.
Common causes and fixes
Trailing slash difference
# Registered:    https://app.example.com/callback
# Request sends: https://app.example.com/callback/  ← trailing slash
Fix: Remove the trailing slash from your redirect_uri, or register both versions.
HTTP vs HTTPS
# Registered:    https://app.example.com/callback
# Request sends: http://app.example.com/callback
Fix: Ensure your app always uses HTTPS in the redirect_uri.
localhost port mismatch
# Registered:    http://localhost:3000/callback
# Request sends: http://localhost:3001/callback
Fix: Register the exact port your dev server uses, or register multiple URIs.
Provider-specific fixes
Auth0
Dashboard → Applications → your app → Allowed Callback URLs. Add the exact URI including protocol and path. Auth0 does not support wildcards in callback URLs.
Google OAuth
console.cloud.google.com → APIs & Services → Credentials → your OAuth client → Authorized redirect URIs. Exact match required.
Okta
Admin Console → Applications → your app → General → Sign-in redirect URIs.
Cognito
AWS Console → Cognito → App client settings → Callback URL(s). Comma-separated list.
Debugging
# Check what redirect_uri your app is actually sending
# Open browser DevTools → Network → find the authorization request
# Look at the redirect_uri query parameter value
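The debugging step above can be automated. This is an added example, not code from this page or from any provider: a Python script that extracts the redirect_uri from an authorization request URL copied from DevTools, compares it as an exact string against the registered list, and names the component that differs from the closest registered URI. The URLs, the client_id placeholder and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

def extract_redirect_uri(authorization_url):
    """Return the URL-decoded redirect_uri sent in an authorization request."""
    values = parse_qs(urlsplit(authorization_url).query).get("redirect_uri")
    if not values:
        raise ValueError("authorization request carries no redirect_uri")
    return values[0]

def _parts(uri):
    u = urlsplit(uri)
    return {"scheme": u.scheme, "host": u.hostname, "port": u.port,
            "path": u.path, "query": u.query}

def diagnose(requested, registered):
    """Return (closest_registered_uri, reasons); reasons == [] means exact match."""
    if requested in registered:  # the server compares the full string
        return requested, []
    req, best, best_diff = _parts(requested), None, None
    for candidate in registered:
        cand = _parts(candidate)
        diff = [k for k in req if req[k] != cand[k]]
        if best_diff is None or len(diff) < len(best_diff):
            best, best_diff = candidate, diff
    if best is None:
        return None, ["no redirect URIs registered"]
    reg, reasons = _parts(best), []
    for key in best_diff:
        if key == "path" and req["path"].rstrip("/") == reg["path"].rstrip("/"):
            reasons.append("trailing slash")
        else:
            reasons.append(f"{key}: sent {req[key]!r}, registered {reg[key]!r}")
    # Components can parse equal while the strings differ (e.g. host letter case)
    return best, reasons or ["same components, different string (case or encoding)"]

# Constructed sample data: a registered list and an authorization request URL
REGISTERED = ["https://app.example.com/callback", "http://localhost:3000/callback"]
SAMPLE_REQUEST = ("https://auth.example.com/authorize?response_type=code"
                  "&client_id=CLIENT_ID_PLACEHOLDER"
                  "&redirect_uri=https%3A%2F%2Fapp.example.com%2Fcallback%2F")

if __name__ == "__main__":
    sent = extract_redirect_uri(SAMPLE_REQUEST)
    print(sent, diagnose(sent, REGISTERED))
```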