Authorized redirect URI not populating correctly
Hi all,
I’m trying to set up the Gmail integration. I have been following this documentation, and everything goes fine until the configuration of the Authorized redirect URI. In the doc it is stated that the link should contain my site url or be related to it in some way to validate it in the Google Console. However, the link provided in my case points to https://connect.wpmailsmtp.com/google/, making it impossible to finish the mail configuration.
I had initially configured the plugin correctly in my dev environment, but it is in prod that I’m facing this issue.
I’m running WordPress 5.5.1 with PHP 7.4.10, the plugin version is 2.5.0.
In the latest version v2.5 (updated 1 day ago) of our plugin we changed the way the redirect URI and Google oAuth process works.
A lot of users had issues with WP security plugins or with mod_security, so we implemented a few changes to resolve those issues.
You now have to add this new redirect URI to your Google oAuth app in the Google developer console (wait a few minutes for the added redirect URI to update on Google side) and then you’ll be able to successfully finish the Google Authorization in our plugin.
I’m sorry for this confusion and have a nice day!
Thank you for the response, the plugin is now working correctly.
Just one last question, can I remove the other URI’s from the Google oAuth app and only leave the new one?
It would have been nice to have made this change nice and clear right next to the authorised redirect setting. I’ve just spent a reasonable amount of time trying to figure out what has changed. I wasn’t having any issues before. I was expecting to see the usual url I’ve always been seeing. This might be costing you guys a star.
Yes, you can remove the other URI from the Google oAuth app if you want. You will just need to use the latest version of our plugin on all your WP sites (if you are using the same Google oAuth app on any other WP site).
The Google Authorization should be performed just once, when the plugin is being set up for the first time. So, a new user should probably follow the documentation (we will update the part @nvertoletik mentioned) and successfully complete the Gmail mailer setup in our plugin.
I’m really sorry if this caused issues for you as an existing plugin user.
After a bit of head scratching I did manage to set it up anyway, and now I know for next time. 🙂
WOW… I have about 20 clients sites connected with your plugin via Gmail API and ALL of them disconnected a few weeks ago! The settings in your plugin reverted back to the basic PHP setting and a phony email “wordpress@SITENAME.com” was placed in the “From Email” section. I have spent a considerable amount of time in the last few weeks trying to figure out what in the world is going on, and just stumbled across this tonight. I am glad to find a solution, but I agree that this could have been made more aware. It has been a very time consuming problem that I have had to face and now I need to go back and login to all of those clients emails and reconnect their sites.
I want to add, up until this point, the “WP Mail SMTP” plugin has worked beautifully and I am very glad to have it. I am just expressing my frustration in regards to this most recent change.
Thanks for all you guys do and I am very thankful to you @nvertoletik for posting this!
I had forgotten about this thread. The problems got solved and life went on, sort of. 🙂
Yes, it was somewhat annoying, but in hindsight, there are far bigger problems in the world at the moment. As it is right now, it takes me about 5 mins to set SMTP up from scratch with Gmail, and even less time to reconnect as I’ve done it enough times now. It is one of the first default plugins I install on every site I build. This includes creating admin@mydomain for each new site and using that for all WP generated emails. You could also use no-reply@, whatever you want. This way, all site emails appear to originate from their own address, and not my main generic Gmail address. So it’s very easy to tell which site has just emailed you. You set this up using aliases in your Gmail account. And this with the free version.
Tip of the day, at least this is what works for me: I manage 12 sites right now, most of them mine, but more client sites coming soon. I have a bookmarks folder with a direct link to all the WP dashboards I manage, and I never deliberately log out. So, if something like this happens again and I need to go in and reconnect all of them, or make any other global changes, I just right click on the folder and ‘open all in new window’. And this is on a 9 year old MacBook Pro 13″, with 16GB RAM. This also barely makes a tiny dent in my shared hosting resource usage opening all site admins at once. Bob’s your uncle.
@sean-h I totally agree about this being minuscule in comparison to a lot of other things. I also appreciate the info and the suggestion. I don’t want to sound like a jerk, because I really love this plugin and have been using it for years. I am just saying that it was a pretty big issue for me and my company. It may only take 5 mins to set up a site, but it still takes time to go through all 20 sites and change them to my email temporarily, research the problem, and then fix the issue.
Also, I found out that there was even a problem through one of my clients, because he said he lost a potential client due to them not being able to reach him through the form. Ultimately, he was really upset about it and I had no answers for him or any of the other 19 clients as the weeks went on. It is refreshing to find a solution after 2 weeks of researching, for sure! I login to all of my clients (roughly 50 sites) monthly and update them and review the dashboard for potential errors. There were no errors on the dashboard, so as far as I know there was really no way for me to know of these changes, unless I was running tests on the forms or just randomly double-checking the SMTP settings.
Once again, I am not trying to be a jerk. I am just saying that a change like this would have been nice to get a heads up or something. Lastly, I thank the creators of the plugin for all their hard work. I have experienced the issues they mentioned with the Gmail connections in the past, so it is nice to hear they fixed those issues. Anyways, be blessed and stay safe out there.
Google OAuth 2 authorization - Error: redirect_uri_mismatch
On the website https://code.google.com/apis/console I registered my application, set up the generated Client ID and Client Secret in my app, and tried to log in with Google. Unfortunately, I got the error message:
What does this message mean, and how can I fix it? I use the gem omniauth-google-oauth2.
The redirect URI (where the response is returned to) has to be registered in the APIs console, and the error indicates that you haven't done that, or haven't done it correctly.
Go to the console for your project and look under API Access. You should see your client ID and secret there, along with a list of redirect URIs. If the URI you want isn't listed, click Edit settings and add the URI to the list.
In my case it was a www versus non-www URL. The actual site had the www URL, and the Authorized Redirect URIs in the Google Developer Console had the non-www URL. Hence, there was a mismatch in the redirect URI. I solved it by updating the Authorized Redirect URIs in the Google Developer Console to the www URL.
Other common URI mismatches:
Here are step-by-step screenshots of the Google Developer Console, which should be helpful for those who find it hard to locate the developer console page to update redirect URIs.
If you are using the Google+ JavaScript button, then you have to use postmessage instead of the actual URI. It took me almost a whole day to figure this out, since Google's docs for some reason do not state it clearly.
Implementing Server-Side Authorization
Requests to the Gmail API must be authorized using OAuth 2.0 credentials. You should use server-side flow when your application needs to access Google APIs on behalf of the user, for example when the user is offline. This approach requires passing a one-time authorization code from your client to your server; this code is used to acquire an access token and refresh tokens for your server.
To learn more about server-side Google OAuth 2.0 implementation, see Using OAuth 2.0 for Web Server Applications.
Create a client ID and client secret
To get started using Gmail API, you need to first use the setup tool, which guides you through creating a project in the Google API Console, enabling the API, and creating credentials.
Your application’s client IDs and service account keys are now listed on the Credentials page. For details, click a client ID; parameters vary depending on the ID type, but might include email address, client secret, JavaScript origins, or redirect URIs.
Take note of the Client ID as you’ll need to add it to your code later.
Handling authorization requests
When a user loads your application for the first time, they are presented with a dialog to grant permission for your application to access their Gmail account with the requested permission scopes. After this initial authorization, the user is only presented with the permission dialog if your app’s client ID changes or the requested scopes have changed.
Authenticate the user
This initial sign-in returns an authorization result object that contains an authorization code if successful.
Exchange the authorization code for an access token
The authorization code is a one-time code that your server can exchange for an access token. This access token is passed to the Gmail API to grant your application access to user data for a limited time.
If your application requires offline access, the first time your app exchanges the authorization code, it also receives a refresh token that it uses to receive a new access token after a previous token has expired. Your application stores this refresh token (generally in a database on your server) for later use.
The following code samples demonstrate exchanging an authorization code for an access token with offline access and storing the refresh token.
Python
Replace CLIENTSECRETS_LOCATION value with the location of your client_secrets.json file.
Authorizing with stored credentials
When users visit your app after a successful first-time authorization flow, your application can use a stored refresh token to authorize requests without prompting the user again.
If you have already authenticated the user, your application can retrieve the refresh token from its database and store the token in a server-side session. If the refresh token is revoked or is otherwise invalid, you’ll need to catch this and take appropriate action.
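The refresh-token handling described above, as an added example (not Google's sample code from this page). It assumes the token endpoint's JSON response has already been decoded into a dict, uses the standard OAuth 2.0 `invalid_grant` error to detect a revoked refresh token, and keeps tokens in an in-memory SQLite table; the table layout and function names are hypothetical.

```python
import sqlite3
import urllib.parse

class ReauthorizationRequired(Exception):
    """The stored refresh token is unusable; send the user through consent again."""

def build_code_exchange_body(code, client_id, client_secret, redirect_uri):
    # Form body for the POST to the token endpoint. redirect_uri must be the
    # same value that was sent in the authorization request.
    return urllib.parse.urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "client_id": client_id,
        "client_secret": client_secret,
        "redirect_uri": redirect_uri,
    })

def open_store():
    # Hypothetical storage layout: one refresh token per user.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tokens (user_id TEXT PRIMARY KEY, refresh_token TEXT)")
    return db

def stored_refresh_token(db, user_id):
    row = db.execute(
        "SELECT refresh_token FROM tokens WHERE user_id = ?", (user_id,)
    ).fetchone()
    return row[0] if row else None

def handle_token_response(db, user_id, response):
    """Process a decoded token response and return the access token."""
    if response.get("error") == "invalid_grant":
        # Revoked or otherwise invalid grant: forget the token, force re-consent.
        db.execute("DELETE FROM tokens WHERE user_id = ?", (user_id,))
        raise ReauthorizationRequired(user_id)
    if "error" in response:
        raise RuntimeError(response["error"])
    # Only the first exchange carries a refresh token; later responses omit
    # it, and the stored one must not be overwritten with nothing.
    if response.get("refresh_token"):
        db.execute(
            "INSERT OR REPLACE INTO tokens VALUES (?, ?)",
            (user_id, response["refresh_token"]),
        )
    return response["access_token"]
```
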
Using OAuth 2.0 credentials
Once OAuth 2.0 credentials have been retrieved as shown in the previous section, they can be used to authorize a Gmail service object and send requests to the API.
Instantiate a service object
This code sample shows how to instantiate a service object and then authorize it to make API requests.
Python
Send authorized requests and check for revoked credentials
The following code snippet uses an authorized Gmail service instance to retrieve a list of messages.
If an error occurs, the code checks for an HTTP 401 status code, which should be handled by redirecting the user to the authorization URL.
More Gmail API operations are documented in the API Reference.
Python
Next steps
Once you are comfortable authorizing Gmail API requests, you’re ready to start handling messages, threads, and labels, as described in the Developers Guides sections.
You can learn more about the available API methods in the API Reference.
How to understand the Google Redirect URI correctly?
The Google Developer Console page explains the meaning of “Google Redirect URI” as:
Determines where the response is sent. The value of this parameter must exactly match one of the values registered in the APIs Console (including the http or https schemes, case, and trailing ‘/’).
I'm not sure whether this explanation is the same as my thinking or not:
On my app (web application), it allows users to sign in via Google (assume I registered a Google project with ClientID/secret configured on my web app, and on the Google Console page the redirectURI is “http://bbc.co.uk”).
That last sentence is a bit ambiguous. A better description is:
After I login to my Google Account successfully with my Google credentials, Google will redirect my browser back to Redirect URI http://bbc.co.uk that is registered for the web app in the Google > API Console.
Just to be sure: this means that the Redirect URI should be part of your web app. It is not actually Google’s Redirect URI but it is the Redirect URI that you’ve configured in the Google API Console for your web app.
Let me see if I can’t explain this in a different way.
What would happen if you didn’t have a redirect URI?
If you go to the Developer console and create a Client ID for native application by default the redirect URI
This will redirect the Authentication back to wherever it was requested from. In the case of native installed applications this is needed because there is no way to know where the user is that has installed the application.
Let’s look at this in action
If you place the above line in a web browser the user will see something like this
Assuming they select ok then they get this displayed back at them.
That is the Authentication code, not to be confused with the access token. This is just the first step. Once your application has the Authentication code it can then exchange that for a refresh token and an access token. Most client libraries handle this step internally. You and your users never see this Authentication code.
Back Redirect URI:
In the case of a web application your web application needs to be able to get a hold of that authentication code. Now I probably shouldn’t be telling you this but you could just use a native application client in your web application and it will work. Why? Because the authentication server will just return the Authentication code back to wherever it was that requested it. For security reasons this is probably a bad practice.
So what do you need to place in the redirect uri? It is the file that you have ready to handle this authentication code. Normally it’s just the same as the login page, but you can have several. Just put each of them on separate lines.
I like to do this because then it works when I am testing locally vs when it’s up on the server.
redirect_uri_mismatch the redirect URI in the request does not match the ones authorized for the OAuth client
I have the following client secret
“Error: redirect_uri_mismatch The redirect URI in the request, http://127.0.0.1:8414/authorize/, does not match the ones authorized for the OAuth client.
To update the authorized redirect URIs, visit:”. Could you please suggest how to fix it?
When you are creating your credentials in https://console.developers.google.com:
After clicking on Create credentials by choosing OAuth client ID :
Choose Other as Application type:

You should have this format of credentials:
Now your OAuth2 link should work whatever your port in the redirection_uri parameter, as http://localhost:8414 for example (with 8414 as random port). And you no longer get this error:
Error: redirect_uri_mismatch The redirect URI in the request, http://localhost:8414/authorize/, does not match the ones authorized for the OAuth client.
I just ignored the port in the error message when adding as an Authorized redirect URL.
The redirect uri is the URL where you want Google to return the authentication to. This should be the file that you have set up to handle the Oauth response.
When you created your project in Google Developer console you should have supplied a redirect uri to google that states where you will be sending from and where you would like the response to be returned to.
“Error: redirect_uri_mismatch The redirect URI in the request, http://127.0.0.1:8414/authorize/, does not match the ones authorized for the OAuth client.”
means that you are sending from http://127.0.0.1:8414/authorize/ however this is not one of the redirect uris that you have added in Google developer console. Go back to the developer console and add this http://127.0.0.1:8414/authorize/ or http://localhost:8414/authorize/ you may or may not need the ending / as well
Bypass Login
What you need to understand is that most of Google’s API data is private user data. In order to access private user data you must have the consent of the user who owns that. We use Oauth2 to request from the user consent for our application to access their data. There is no way to bypass an oauth2 consent.
Unfortunately there is no other way to access the YouTube api. If you want to access private user data you will always have to ask the user for consent at least once and then save the credentials as you are doing now using file data store.
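The exact-match rule quoted in the question above (scheme, case, trailing slash) and the mismatches reported in the answers (www vs non-www, port, localhost vs 127.0.0.1) can be checked before touching the console. The following is an added example, not code from any of the posts or from Google; the function names and the sample registered URIs are constructed for illustration.

```python
from urllib.parse import urlsplit

LOOPBACK = {"localhost", "127.0.0.1"}

# Constructed sample of what might be registered in the console.
SAMPLE_REGISTERED = [
    "https://example.com/oauth2callback",
    "http://localhost/authorize/",
]

def _bare(host):
    return host[4:] if host.startswith("www.") else host

def _component_diffs(req, reg):
    """Name each URI component in which the request differs from one registered URI."""
    diffs = []
    if req.scheme != reg.scheme:
        diffs.append("scheme")
    rh, gh = req.hostname or "", reg.hostname or ""
    if rh != gh:
        if _bare(rh) == _bare(gh):
            diffs.append("www prefix")
        elif rh in LOOPBACK and gh in LOOPBACK:
            diffs.append("loopback alias")
        else:
            diffs.append("host")
    if req.port != reg.port:
        diffs.append("port")
    if req.path != reg.path:
        if req.path.rstrip("/") == reg.path.rstrip("/"):
            diffs.append("trailing slash")
        elif req.path.lower() == reg.path.lower():
            diffs.append("path case")
        else:
            diffs.append("path")
    if req.query != reg.query:
        diffs.append("query")
    # urlsplit lowercases scheme and host, so a literal difference that
    # survives every check above is reported generically.
    return diffs or ["other"]

def explain_mismatch(requested, registered):
    """Return [] on an exact string match, else (registered_uri, diffs) pairs, closest first."""
    if requested in registered:
        return []
    req = urlsplit(requested)
    report = [(uri, _component_diffs(req, urlsplit(uri))) for uri in registered]
    report.sort(key=lambda item: len(item[1]))
    return report
```

The first entry of the returned list is the registered URI closest to the one in the error message, together with the components that need to change.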











