URI Mismatch using Google OAuth2

Hi, I’m currently having an issue with Passport.js and Google OAuth2 when deployed on render. For some reason when I redirect from my application to Google’s OAuth2 service, I get an error stating that there is a mismatch between the URI I have allowed on my google application, and the URI the request is coming from. See here:

When you look at the redirect uri from render.com, it seems to be communicating outbound via http and not https, which doesn’t make much sense. The uri mismatch is clearly caused by the fact that the uri i’ve entered for my google application uses https while the outbound connection from render seems to be using http. How would I make the application use https instead of http?

Here is the code for the routes and controllers:

Controllers:

exports.googleLogin = passport.authenticate('google');

exports.googleRedirect = passport.authenticate('google', {
  successReturnToOrRedirect: `${
    process.env.CLIENT_URL || 'http://localhost:5000'
  }`,
  failureRedirect: '/login',
});

Routes:

authRouter.use(
  '/login/federated/google',
  (req, res, next) => {
    console.log('Google login route hit');
    next();
  },
  googleLogin
);

authRouter.use(
  '/oauth2/redirect/google',
  (req, res, next) => {
    console.log('Google redirect route hit');
    next();
  },
  googleRedirect
);

Express server code:

const app = express();
const PORT = process.env.PORT || 3000;

app.use(
  cors({
    origin: [
      `${process.env.SERVER_URL || 'http://localhost:5000'}`,
      `${process.env.CLIENT_URL || 'http://localhost:5000'}`,
    ], // <-- location of the react app were connecting to
    credentials: true,
  })
);

app.use(
  session({
    secret: process.env.SECRET_KEY || 'secret',
    resave: false,
    saveUninitialized: false,
    cookie: {
      maxAge: 3600000, // 1 hour
      secure: process.env.NODE_ENV === 'production' ? true : false,
      sameSite: 'lax',
    },
  })
);

app.use(passport.initialize());
app.use(passport.session());

app.use(bodyParser.json());

app.use(express.static('build'));

app.use('/api', apiRouter);

app.get('*', (req, res) => {
  res.sendFile(path.join(__dirname, 'build', 'index.html'));
});

app.listen(PORT, () => {
  console.log(`Server is running on port ${PORT}`);
});

Hi there,

This is likely a configuration or coding error within your service. Render would not determine or change the redirect URI sent to Google OAuth. What have you set CLIENT_URL to?

Regards,

Keith
Render Support, UTC+10 :australia: