OAuth

Fix OAuth Errors on Google

Last updated: April 2026

Common Google OAuth errors and the Cloud Console settings to address them.


redirect_uri_mismatch

Google Cloud Console → APIs & Services → Credentials → Your OAuth 2.0 Client → Authorized redirect URIs. Add the exact URI.

# Must match exactly, including trailing slash
https://yourapp.com/auth/google/callback
http://localhost:3000/auth/google/callback
⚠ Google does not allow wildcard redirect URIs. Add each environment explicitly. Changes take up to 5 minutes to propagate.

invalid_grant on refresh

Google invalidates refresh tokens when the user revokes access, when the app exceeds 50 outstanding refresh tokens for that user, or when the user changes their password (for apps with certain scopes).

# Always request offline access for refresh tokens
scope: 'openid email profile'
access_type: 'offline'
prompt: 'consent'  # required to get refresh token on first auth
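The two checks above, building the authorization URL with offline access and comparing a requested redirect URI against the registered one exactly, as an added example that is not part of the original page. Client ID, state value and URIs are placeholders; the diagnosis reports which component differs, since Google compares the whole string and a trailing slash or port alone causes redirect_uri_mismatch.

```python
from urllib.parse import urlencode, urlsplit

# Google's OAuth 2.0 authorization endpoint
GOOGLE_AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"


def build_google_auth_url(client_id, redirect_uri, state, scope="openid email profile"):
    """Authorization URL that asks Google for a refresh token on consent."""
    params = {
        "client_id": client_id,
        "redirect_uri": redirect_uri,  # must equal a registered URI character for character
        "response_type": "code",
        "scope": scope,
        "access_type": "offline",      # refresh tokens are only issued for offline access
        "prompt": "consent",           # force the consent screen so a refresh token is returned
        "state": state,                # anti-CSRF value the callback handler must verify
    }
    return f"{GOOGLE_AUTH_ENDPOINT}?{urlencode(params)}"


def redirect_uri_differences(registered, requested):
    """Return the URI components that differ between the registered and requested redirect URI.

    An empty list means the two match exactly; anything else would be rejected
    by Google as redirect_uri_mismatch.
    """
    a, b = urlsplit(registered), urlsplit(requested)
    diffs = []
    for name in ("scheme", "hostname", "port", "query"):
        if getattr(a, name) != getattr(b, name):
            diffs.append(name)
    if a.path != b.path:
        # Single out the most common cause: an extra or missing trailing slash
        if a.path.rstrip("/") == b.path.rstrip("/"):
            diffs.append("trailing slash")
        else:
            diffs.append("path")
    return diffs


if __name__ == "__main__":
    # Placeholder client ID and state; constructed URIs taken from the settings above
    print(build_google_auth_url("CLIENT_ID_PLACEHOLDER",
                                "https://yourapp.com/auth/google/callback", "random-state"))
    print(redirect_uri_differences("https://yourapp.com/auth/google/callback",
                                   "https://yourapp.com/auth/google/callback/"))
```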

OAuth consent screen not configured

Cloud Console → APIs & Services → OAuth consent screen. Set up app name, support email, and authorized domains. Apps in "Testing" mode only allow test users.

Unverified app warning

If users see "Google hasn't verified this app", submit for verification in the OAuth consent screen. For internal apps, set User Type to Internal.