Error Saving the Google Ads Refresh Token: redirect_uri_mismatch

[BawdyLotion]

Following the setup instructions to link to google ads. I've watched the setup video multiple times but am running into the same problem. When authorizing the app I receive the following error message.

"Error Saving the Google Ads Refresh Token . Details: redirect_uri_mismatch. Please Try Again!"

I've confirmed that my environment variables list the FQDN being used for serpbear and that it matches under "Authorized redirect URIs". It is using the proper FQDN:port/api/adwords format shown in the setup guide and when viewing the URI directly I do receive the expected "No Code Provided By Google. Please Try Again!" response.

I'm sure it's some basic setting I've overlooked but as much as I search the documentation, I'm not seeing what I'm missing.

[carsaig]

Confirmed. BTW: the integration on google cloud side requires a full TLD, not a local IP for the redirect URL. Sure, http://localhost:1234/ will cut it, but that implies the app is running on a machine propagating localhost on the local network (in my case it does not as it runs on my NAS and my local DNS is not provided by the NAS). Using something like http://searpbear.local:1234/ doesn't work either. Only TLD endings accepted.
So I configured a TLD on my reverse proxy, patched the required ports through my firewall and tried again. No success.
Google revokes the authentication request with Error 400: "redirect_uri_mismatch" Request details: "redirect_uri=https://serpbear.tld.xyz/api/adwordsflowName=GeneralOAuthFlow"

"You can't sign in to this app because it doesn't comply with Google's OAuth 2.0 policy.
If you're the app developer, register the redirect URI in the Google Cloud Console."

This leaves me without a useful answer. My URI is valid. And SerpBear is reachable on this domain.
My guess is, that the request going out from SerpBear is deprecated. I haven't checked the outgoing request with a proxy yet, will do later and see, what the google docs expect as a request.
https://developers.google.com/identity/protocols/oauth2/web-server?hl=de#authorization-errors-redirect-uri-mismatch

UPDATE:
The issue is related to routing on my NAS (Synology). It's probably header related. I'm no Expert. The inbound requests get patched through the reverse proxy to the docker container running on the NAS. That's where things go sideways. As the reverse proxy works in my alternative scenario it can only be the internal route to the docker container spoiling the fun.
However, running it locally on a RPI5 did the trick. The request inbound still hits the NAS reverse proxy, but then I forward them to a local IP, respectively my RPI5 where the app is running on, instead of the containers running on the NAS itself. The RPI runs on a dietpi distro and doesn't cripple the headers as Synology does. Issue solved. Not nice, just a workaround but it does the trick until I find out what is going on with the routing behind the NAS reverse proxy...

[JvB94]

same issue here. running on a ubuntu vps.

[alexionegit]

Hello dear friends,

I am unsuccessful in integrating SerpBear v 2.0.2 with Google Ads. The app is hosted on my personal server on a https subdomain proxied by Cloudflare.

I get the redurect_uri_mismatch error and if I refresh that page I get the invalid_grant error.

I have tried to have the Oath consent screen in test mode and as well as published.

I read and tried most of the fixes suggested on these pages.

NEXT_PUBLIC_APP_URL = Authorised redirect URIs in Google Cloud Platform, Credentials

I do not even know what to do next.

Could you please help me?

Thank you! @towfiqi

Alex

[razrinn]

Hi @towfiqi thanks for the amazing apps. I recently stumbled upon the "Error Saving the Google Ads Refresh Token . Details: redirect_uri_mismatch. Please Try Again!" problem too. In my case I'm using Docker Compose & Apache as reverse proxy.

When I follow the guide, I skipped this step to set nginx config & forget to add the apache equivalent of it.

location / {
	
	proxy_pass http://localhost:3000;
	proxy_http_version 1.1;
	proxy_set_header Upgrade $http_upgrade;
	proxy_set_header Connection 'upgrade';
	proxy_set_header Host $host;
	proxy_cache_bypass $http_upgrade;
}

So, after realizing the problem, I finally got Google Ads integration working. Here's my working Apache config for anyone that has the same setup with me.

# Request Header
RequestHeader set X-Forwarded-Proto "https" env=HTTPS
RequestHeader set X-Real-IP %{REMOTE_ADDR}s
RequestHeader set X-Forwarded-For %{REMOTE_ADDR}s
RequestHeader set Host %{HTTP_HOST}s

# Preserve original headers
ProxyPreserveHost On

[towfiqi]

@razrinn Thanks for your input. I am sure the folks above will find it useful.