Google OAuth: redirect_uri_mismatch
This error occurs when the redirect URI used by SpaceDF does not exactly match the Authorized Redirect URI configured in the Google Cloud Console.
Symptoms
Google shows an error page with:
Error 400: redirect_uri_mismatchGoogle login works in one environment (local or production) but fails in another.
The login flow redirects to Google, then immediately fails.
Common causes (SpaceDF-specific)
GOOGLE_CALLBACK_URLin.envdoes not match the redirect URI configured in Google Cloud Console.- The redirect URI is correct, but:
- Protocol is different (
httpvshttps) - Port is different (
3000vs80) - Trailing slash mismatch
- Protocol is different (
- Production domain is not added to Google OAuth settings.
- Switching from Quick Start to Advanced Setup without updating OAuth settings.
Fix
Verify GOOGLE_CALLBACK_URL
Check your .env file:
# Development
GOOGLE_CALLBACK_URL=http://localhost:3000
# Production
GOOGLE_CALLBACK_URL=https://your-domain.comDo not include
/auth/google/callbackinGOOGLE_CALLBACK_URLSpaceDF appends it automatically.
Update Google Cloud Console
Go to the Google Cloud Console
Navigate to APIs & Services → Credentials
Select your OAuth 2.0 Client ID.
Under Authorized redirect URIs, add:
# Development
http://localhost:3000/auth/google/callback
# Production
https://your-domain.com/auth/google/callbackThe URI must match exactly, including protocol, domain, port, and path.
Restart SpaceDF services
After updating .env, restart all services:
docker compose down
docker compose up -dCommon mistakes to avoid
❌ Using localhost in production
❌ Mixing HTTP and HTTPS
❌ Missing the /auth/google/callback path in Google Console
❌ Adding trailing slashes inconsistently
❌ Forgetting to restart services after changing .env
Notes
- Google OAuth is not enabled in Quick Start.
- This error only applies when using Advanced Setup.
- Each environment (local, staging, production) requires its own redirect URI entry.