Google OAuth error
Google OAuth redirect_uri_mismatch.
Google rejects the authorization request when the app-sent redirect URI is not listed under the exact OAuth client’s Authorized redirect URIs.
Google-specific failure stage
Google OAuth client found: the request includes a client ID.
Failed first: Google did not find the exact redirect URI under that client.
Not proven yet: consent screen, scopes, refresh token, and API enablement.
Google evidence matrix
| Evidence | Likely Google cause | First check |
|---|---|---|
| URI is in Authorized JavaScript origins only | Wrong Google field | Add the full callback path under Authorized redirect URIs. |
| Several OAuth clients exist | App uses different client ID | Open the exact client ID from the error/request. |
| WordPress plugin callback changed after migration | Old callback registered | Copy the plugin-generated callback from current production. |
| Testing app works, production fails | Test/prod OAuth client split | Register production URI on the production client. |
Google error includes http:// | Canonical URL or plugin config sends HTTP | Fix site URL/proxy settings so the app sends HTTPS. |
Bad Google setup
Authorized JavaScript origins:
https://example.com
Authorized redirect URIs:
(empty)
App sends:
https://example.com/wp-admin/admin.php?page=my-plugin-google-callbackCorrect Google pattern
Authorized JavaScript origins:
https://example.com
Authorized redirect URIs:
https://example.com/wp-admin/admin.php?page=my-plugin-google-callback
Pattern to verify in your environment.What this is not
- It is not fixed by enabling more Google APIs.
- It is not a refresh token issue; Google has not returned an authorization code.
- It is not solved by changing Authorized JavaScript origins when the callback path is missing.
- It is not always the same OAuth client you edited in Google Cloud Console.
Google console checklist
- Find the exact client ID used by the app or plugin.
- Open Credentials, not only the consent screen.
- Place the full callback URL under Authorized redirect URIs.
- Keep JavaScript origins as origins only, without callback paths.
- Retest after saving; Google settings can take a short moment to propagate.