Google idp keep getting Error 400: redirect_uri_mismatch
Hi guys
does anyone having issues connecting zitadel with google? i keep getting redirect url error and i even try to delete my instance and re-create it again, but i keep getting same error.
i already make sure that i use the correct redirect url:
if i check the detailed error:
redirect_uri=https://rtglabs-p3mhza.us1.zitadel.cloud/idps/callback flowName=GeneralOAuthFlow
seems not the correct url although i already uses the correct one in my google console
9 Replies
Hi @alka_99, I'm an AI assistant for ZITADEL. While a team member reviews this question, I'll see if I can find relevant sources for your question.
Answer
For Google as an Identity Provider in ZITADEL, the redirect URI you must use is the one provided in the ZITADEL Console when configuring the Google provider template. You need to copy this exact ZITADEL Callback URL and register it as an Authorized redirect URI in your Google Cloud Console. If the redirect URI in the error does not match exactly (character for character) what is in your Google API Console, Google will show a redirect_uri_mismatch error. Double-check that there are no typos, extra spaces, or differences in protocol (https/http) , and that you are using the exact URL shown by ZITADEL in the Identity Provider configuration screen. If you have overwritten or customized settings per organization, ensure you are using the correct Callback URL for that context (1) .
To learn more, see the sources I considered:
[1] Configure Google as an Identity Provider in ZITADEL
Feel free to tag @Ask Inkeep with additional questions.
Got it. Tagging @Rajat for additional help.
@Ask Inkeep i already uses the redirect url that zitadel provided, but still having same error
Thanks for the follow-up, @alka_99. I'll get back to you soon.
Answer
If you are still getting a redirect URI error even after using the redirect URL provided by ZITADEL, the documentation highlights a few important checks:
- The redirect URI you register in the Google Cloud Console must match the ZITADEL Callback URL exactly—character for character—including protocol (https) , domain, and path.
- Double-check for any typos, spaces, or mismatches between the Google Console and what ZITADEL displays.
- If you have organization-specific settings, make sure you are using the correct callback URL for that context.
- By default, the callback URL takes the form:
This is what should be registered as the Authorized redirect URI in your Google project (1) . If all values match and you still see the error, try: - Removing and re-adding the redirect URI in both ZITADEL and Google Cloud. - Using an incognito/private browser window to avoid cached login state. For more details, see the official documentation: Configure Google as an Identity Provider in ZITADEL To learn more, see the sources I considered: [1] Configure Google as an Identity Provider in ZITADEL Feel free to tag @Ask Inkeep with additional questions.
This is what should be registered as the Authorized redirect URI in your Google project (1) . If all values match and you still see the error, try: - Removing and re-adding the redirect URI in both ZITADEL and Google Cloud. - Using an incognito/private browser window to avoid cached login state. For more details, see the official documentation: Configure Google as an Identity Provider in ZITADEL To learn more, see the sources I considered: [1] Configure Google as an Identity Provider in ZITADEL Feel free to tag @Ask Inkeep with additional questions.
@Ask Inkeep in the identity configure it says that i need to use
https://rtglabs-p3mhza.us1.zitadel.cloud/ui/login/login/externalidp/callback
i already uses this and still no luck
Welcome Back!
Enter your login data.
Thanks for the follow-up, @alka_99. I'll get back to you soon.
Answer
I wasn't able to find a direct answer, here are some relevant sources:
1. [Configure Google as an Identity Provider in ZITADEL][(2) ]:
Explains that you must use the exact ZITADEL Callback URL shown in your configuration as the Authorized redirect URI in Google Cloud, and describes key troubleshooting steps for redirect URI errors.
2. [How to use a custom OAuth callback URL for the external IdP][(7) ]:
Clarifies that ZITADEL uses built-in callback URLs for external IdPs and does not allow customizing the internal redirect URI; proxying may be required if you need a custom endpoint.
Feel free to tag @Ask Inkeep with additional questions.
trying the github idp, have same error too
if i use
https://rtglabs-p3mhza.us1.zitadel.cloud/idps/callback for github and google, its actually working.
this url is not the one that reflected in the idp config