64

I'm trying to set a web service that needs the user's Google Latitude info, so I'm using Google OAuth to get the user authorization stuff.

However, when trying to set the redirection URI in the Google APIs Console for a web application client ID I get a message error if I try to set it to 'http://PUBLIC_IP/'.

I need to test it with non local users (thus localhost can't be used), so I would like to know if having a web domain is mandatory in order to use Google's OAuth. If not, how can I solve this issue?

Improve this question

9 Answers 9

Reset to default
61

This is not currently supported. I filed a feature request and will update on progress.

Update: Essential app verification activities have continued to make support of IP address-based apps unlikely. These verification activities are necessary to provide protections against abuse of user accounts. In addition, the cost of setting up dedicated domains has been reduced significantly since this feature was requested. Please read other responses here about possible options.

Improve this answer
7
  • 3
    Notably also custom TLD's are not supported. I would love it if the oauth could redirect to a URI within my private network, but that does not seem to be supported. Is it confirmed as non-supported? Thanks.
    – meawoppl
    Commented Jan 12, 2013 at 20:33
  • 2
    Is there a link to the feature request?
    – tsuna
    Commented May 4, 2015 at 0:43
  • It is December 30th 2017 and public IPs+Reserved TLD do still not work. :( There are reserved TLD (tools.ietf.org/html/rfc2606) and it should be supported to make local development a lot easier.
    – vee
    Commented Dec 30, 2017 at 16:10
  • 1
    What I'm doing for development is using ssh port forwarding to map a uri that Google OAuth will allow, to the IP address of the server I'm actually using for development. From the server being used as the allowed uri: ssh -L 8080:localhost:8080 user@<dev-server-address>.
    – theferrit32
    Commented Jan 22, 2018 at 23:18
  • Google do not have any plans to add public IP's as trusted, simply they do not trust an IP. There can be many potential threats associated with this including man in the middle attacks and identity thefts. In simple words , you are not the real owner of your IP, you just own it for the time being, tomorrow it can be in anyone else's hand.
    – Clain Dsilva
    Commented May 15, 2019 at 11:04
57

You can use xip.io to work around it.

For example: '192.168.0.50.xip.io:3000' will resolve to '192.168.0.50:3000'

Improve this answer
4
  • With this, I could setup a Google Signin mechanism to my app during Dev. I was able to configure the redirect_uri, with my docker-machine ip address. Great !
    – Johan Chouquet
    Commented Mar 29, 2017 at 10:40
  • I tried your solution. It did the job, but when i'm using chrome it shows warning message that the site might be "deceptive"
    – Va1iant
    Commented Nov 27, 2017 at 8:08
  • 1
    This was working fine for me, but then it didn't.., to make it work again I had to whitelist both http://xip.io and the xip address with my IP (ej. http://192.168.0.50.xip.io:3000). Mind that the address that you enter in your browser has to be exactly the same that the one you whitelisted.
    – Adrian Guerrero
    Commented Aug 29, 2018 at 22:19
  • 1
    It looks like xip.io has changed to nip.io
    – Islam
    Commented May 11, 2023 at 13:44
13

I ran into this issue too and so I entered a URL with a .com extension and also entered it into my /etc/hosts file. Works like a charm.

It totally sucks that my entire app now has to be developed on an apparently 'live' domain though.

Improve this answer
2
  • Same to me. I have mydomain.com on live domain. I have to add mydomain-localhost.com to windows host file and enter this domain in Google api. That sucks.
    – vee
    Commented Dec 30, 2017 at 16:12
  • This can work for a single computer in a LAN network only. For multiple computers then it cannot access the said URL.
    – GeneCode
    Commented Jan 6, 2020 at 1:35
7

I used my public hostname. It helps if you have a static IP address. I used http://www.displaymyhostname.com/ to get my hostname. I plugged it straight into the Authorized JavaScript origins field when I created a new Web Application Client ID.

P.S. My hostname looked something like this: 111.111.111.111.static.exetel.com.au

Improve this answer
3
  • 1
    Thank you for this answer, it worked for me. I forgot the hostname given by amazon (ec2-<public-ip>.<region>.compute.amazonaws.com) should already work, this link gave me that. :)
    – ciuncan
    Commented Jul 10, 2015 at 22:52
  • @ciuncan I am using AWS Cloud9 and got my hostname from this method but am still receiving the error even though I've added to both whitelist and redirect URI. How did you solve this? I've tried with and without port
    – Vincent Nguyen
    Commented May 8, 2018 at 18:03
  • my hostname is just IP address using this tool. So this cannot work.
    – GeneCode
    Commented Jan 6, 2020 at 1:22
4

You can use a dynamic DNS. I used ddns.net which offers a free solution. Basically, you enter your FQDN as this: yourcompany.ddns.net as your domain. When looked up for an IP address, the .net domain points to ddns; when ddns.net is looked up, it looks up in its database for your company, returns the IP. So mine looks like this: https://wigwam.ddns.net and everything works fine. You don't need to buy a domain, you can substitute your known IP, and Google is happy with that.

Your IP must be static, of course.

Improve this answer
2
  • This solution is not good because the dns will auto expire every 30 days.
    – GeneCode
    Commented Jan 6, 2020 at 0:07
  • Anything free cannot be expected to meet any SLA, or be free for very long. The OP needed to test, and this provides that opportunity to do so.
    – Andrew Jay
    Commented Jan 6, 2020 at 2:30
3

Yes, as of now you still need to have a domain name to use Google OAuth in your application. If you have a static public IP and don't want to buy a domain name, you could use a free subdomain from FreeDNS to link to your public IP. Seemed to work well enough for me with a Django app.

Improve this answer
1
  • 1
    Create a Instant Free Sub Domain and use it in your application all DNS names work awesome
    – Raja Nagendra Kumar
    Commented Feb 28, 2016 at 8:51
3

xip.io is not working anymore as an alternative you can use nip.io the same way for example:
10.0.0.1.nip.io:8000 will resolve to 10.0.0.1:8000
You can use it as a work around

Improve this answer
4
  • you can also change your ip to localhost:8000 or 127.0.0.1:8000 it will work fine
    – Mohcen CH
    Commented Sep 20, 2021 at 23:26
  • google allows localhost for testing, op might want to point to custom IP.
    – varaprasadh
    Commented Nov 22, 2021 at 12:27
  • What does the nip.io means?
    – Luis Felipe
    Commented Mar 17, 2023 at 14:24
  • @LuisFelipe go to nip.io and you'll understand what it means , i don't get exactly what do you mean by what does it mean
    – Mohcen CH
    Commented Mar 17, 2023 at 23:22
0

Echoing what Breno said in response to his earlier comment:

Apologies for the lack of updates here. Essential app verification activities have continued to make support of IP address-based apps unlikely. These verification activities are necessary to provide protections against abuse of user accounts. In addition, the cost of setting up dedicated domains has been reduced significantly since this feature was requested. Please read other responses here about possible options.

You can read more about Google's app verification requirements [1] and Google's policies requiring secure handling of data [2].

[1] https://support.google.com/cloud/answer/9110914?hl=en

[2] https://developers.google.com/identity/protocols/oauth2/policies#secure-response-handling.

Improve this answer
0

It seems like xip.io is down, but there are alternatives such as sslip.io and nip.io. However, I couldn't get either of these to work.

I ended up hosting the main file server on the main machine, and ran said server on a 192.168.1.xx IP address. I then ran servers on each of the test machines (including a second server on the main machine), all of which were on the localhost address. Any requests that the localhost servers received were then passed off to the 192.168.1.xx server, which allowed testing on all of the devices.

This should also work with public facing IP addresses.

Improve this answer

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.