Not a valid origin for the client from Google API Oauth

Question

I'm receiving this error from Google API Oauth:

idpiframe_initialization_failed", details: "Not a valid origin for the client: http://127.0.0.…itelist this origin for your project's client ID

I'm trying to send a request from this local path:

http://127.0.0.1:8887/

And I already added this URL to the Authorized JavaScript origins section:

This is my code:

<!-- The top of file index.html -->
<html itemscope itemtype="http://schema.org/Article">
<head>
  <!-- BEGIN Pre-requisites -->
  <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.8.2/jquery.min.js">
  </script>
  <script src="https://apis.google.com/js/client:platform.js?onload=start" async defer>
  </script>
  <!-- END Pre-requisites -->

<!-- Continuing the <head> section -->
  <script>
    function start() {
      gapi.load('auth2', function() {
        auth2 = gapi.auth2.init({
          client_id: 'MY CLIENT ID.apps.googleusercontent.com',
          // Scopes to request in addition to 'profile' and 'email'
          //scope: 'https://www.google.com/m8/feeds/'
        });
      });
    }
  </script>




</head>
<body>


<button id="signinButton">Sign in with Google</button>
<script>
  $('#signinButton').click(function() {
    // signInCallback defined in step 6.
    auth2.grantOfflineAccess().then(signInCallback);
  });
</script>



<!-- Last part of BODY element in file index.html -->
<script>
function signInCallback(authResult) {
  if (authResult['code']) {

    // Hide the sign-in button now that the user is authorized, for example:
    $('#signinButton').attr('style', 'display: none');

    // Send the code to the server
    $.ajax({
      type: 'POST',
      url: 'http://example.com/storeauthcode',
      // Always include an `X-Requested-With` header in every AJAX request,
      // to protect against CSRF attacks.
      headers: {
        'X-Requested-With': 'XMLHttpRequest'
      },
      contentType: 'application/octet-stream; charset=utf-8',
      success: function(result) {
        // Handle or verify the server response.
      },
      processData: false,
      data: authResult['code']
    });
  } else {
    // There was an error.
  }
}
</script>
  <!-- ... -->
</body>
</html>

How can I fix this?

Possible duplicate of [Google API authentication: Not valid origin for the client](http://stackoverflow.com/questions/42566296/google-api-authentication-not-valid-origin-for-the-client) — DaImTo, May 19 '17 at 11:36
How do you get to that "Authorized JavaScript origins section" as shown in the screenshot? — stevepowell2000, Apr 15 '19 at 15:38

Kirill Kovalevskiy · Answer 1 · 2020-05-31T19:11:57.320

122

Reseting Chrome cached solved it for me. Long press on Reload button, then Empty Cache and Hard Reload.

Note: Make sure your Chrome Dev tools panel is open otherwise long press wont work.

edited May 31 '20 at 19:11

answered Mar 01 '19 at 05:55

Kirill Kovalevskiy

1,433
2
8
6

7

A kind of solution is **to check in incognito mode**. Sometimes hard reload doesn't fit in. – Black Mamba Mar 31 '19 at 06:24
1

I was already checking console logs for error and I just checked the "disable cache" option in Network tab in dev console, and voila the error was gone. – Nishant Desai May 06 '19 at 21:21
I'm so glad I scrolled past the other answers to see this. It worked and was so simple and quick. – Bob Horn May 31 '20 at 15:33
Apart from the accepted answer this is a must try answer. I had done everything that was specified in the accepted answer followed by this answer. – utkarsh-k May 14 '21 at 20:15

score 96 · Answer 2 · answered Jun 11 '17 at 19:50

96

I had a very similar issue to yours. I tried to add multiple whitelisted ports from localhost and nothing was working. Ended up deleting the credentials and setting them up again. Must have been a bug on googles end for my setup.

answered Jun 11 '17 at 19:50

Andrew McOlash

1,232
8
8

10

LOL this worked... this has been the solution to so many google api issues in the past... definitely need to remember this one. (wtf google???) – Farzher Dec 09 '17 at 10:42
Yup, only thing that works for me too. This has been an issue for at least a year. What's going on? – Craig Lafferty Dec 19 '17 at 20:46
LOL.... This is one of the funniest things I've encountered in 20 years of writing software. Worked indeed. – ZenMaster May 27 '18 at 13:24
4

This is not funny. This is sad. – Rudey May 28 '18 at 13:44
2

What's sad is that I have gotten so many upvotes (and continue to get them) for this answer since nothing seems to have changed – Andrew McOlash Sep 22 '18 at 06:27
1

This answer reminds me of my Windows tech support days. "Have you tried rebooting?" Fixed 95% of issues. Have an upvote! – Michael Ekoka Nov 09 '18 at 09:25
4

Yep, 2019 here, still not fixed – Geoffrey H Feb 25 '19 at 17:37
1

Continues to be an issue. Fixed as described here. Crazy. – Patrick Apr 09 '19 at 14:37
2019 ending and still the issue persists.. Thanks for the solution! – Prakhar Londhe Sep 17 '19 at 04:38
September 2019 - I encountered the same problem. This solution worked for me as well. – Jonathan Sep 19 '19 at 11:06
I had the same problem, and yes, it fixed only when I created new credentials, editing existing doesn't work at all. – Vedmant Mar 08 '20 at 04:16
1

Mar 2020, confimred it is still not fixed. – Weihang Jian Mar 10 '20 at 09:00
October 2020, still the only solution that worked for me. – Kavin2468 Oct 02 '20 at 16:48

score 11 · Accepted Answer · answered May 28 '17 at 01:48

11

If it's all the same to you, try adding http://localhost:8887 to your authorized JavaScript origins instead. Had that error myself at some point and this fixed it. Know that you will have to use this URL for your request as well event though it translates to http://127.0.0.1:8887/.

answered May 28 '17 at 01:48

user7191932

148
1
6

5

How do you do that? – BradLaney Nov 12 '17 at 23:15
I tried before at localhost:3000 and it didn't work, but localhost:8887 worked, I couldn't imagine that was so simple! thanks! – G4BB3R May 31 '20 at 07:30

score 9 · Answer 4 · answered Oct 16 '17 at 07:25

9

I read on several places on the web people use to redo the creation of the credentials to get it to work.
So I did, I created a new credential for the same project and used my new user-id and it worked perfectly... Looks like the edition of the whitelist is a bit flacky...

Nb: I also used localhost instead of 127.0.0.1, IPs are not valid.

answered Oct 16 '17 at 07:25

VincentTellier

519
5
13

This saved my day. – Simone Jun 04 '20 at 18:14

user5886944 · Answer 5 · 2019-12-10T22:51:00.183

5

I fiddled around for about 10 minutes and then it finally worked when I tried http://localhost/ in the browser (instead of 127.0.0.1)

Added the url at every place you can do white-lists at: https://console.developers.google.com/apis/credentials/

edited Dec 10 '19 at 22:51

answered Jun 13 '18 at 10:59

user5886944

144
1
6

mahemoff · Answer 6 · 2018-08-07T15:44:04.290

1

"Not a valid origin for the client" seems to be over-used by Google's API, i.e. it's misleadingly used for authentication errors too.

For people seeing the error, check that the credentials are correct.

(This might explain why it works for some people after re-creating credentials - in some cases, the original credentials might not have been correct).

edited Aug 07 '18 at 15:44

answered Aug 03 '18 at 09:28

mahemoff

38,430
30
133
196

ID doesn't have to end with ".apps.google.com". Error does occur when you add a new whitelisted URL in an existing client. Creating a new client fixes the issue. – Dipen Bhikadya Aug 07 '18 at 11:51
1

Thanks, I updated it. Some of Google's docs do use ".apps.google.com" in the examples so Google themseves seem to be propagating that apparent myth. – mahemoff Aug 07 '18 at 15:44

score 0 · Answer 7 · answered Sep 08 '19 at 13:04

I just went through all of these solutions before realizing I was putting in

https://localhost:3000

and my dev server was serving up

http://localhost:3000

Stupid, I know, but someone else will probably make the same mistake and perhaps this comment will help them :)

score 0 · Answer 8 · answered Nov 26 '19 at 10:27

0

What worked for us was adding a non-localhost domain to the authorized origins. My colleague had his localhost-domains working after adding a non-existing local domain, e.g. http://test-my-app.local.

answered Nov 26 '19 at 10:27

Rex

611
9
19

Are you saying you (or your colleague) used `http://test-my-app.local` in Authorized JavaScript origins, like the picture from the OP? I used that exact origin and it didn't work. It acts like it works until you press "Sav" and then you see an error message: `The request failed because one of the field of the resource is invalid.` That happens to me for any non regular TLD, such as `.local` or `.test`. – Tyler Collier Nov 02 '20 at 21:17

score 0 · Answer 9 · edited Apr 08 '20 at 23:58

0

I had this same issue; but this is what worked for me:

Open console.developers
Open the project name
Click on the credentials
Under the "name", click on the "web client 1"
Under the "URLs", add "http://localhost:3000"

edited Apr 08 '20 at 23:58

CertainPerformance

260,466
31
181
209

answered Apr 08 '20 at 19:32

Philipedia

1

score 0 · Answer 10 · answered Oct 09 '20 at 11:00

0

It might be in case, while you are using same email id for creating client id and for sign-in through webpage

answered Oct 09 '20 at 11:00

Sahil Mujawar

75
6

score 0 · Answer 11 · answered Apr 06 '21 at 15:38

0

I solved via adding both http://localhost and http://localhost:8083.

answered Apr 06 '21 at 15:38

user1867537

51
1
4

user2819304 · Answer 12 · 2021-05-21T13:00:38.043

0

just my 2 cents.. was able to get it working after deleting and recreating the credentials. Just as suggested above.

edited May 21 '21 at 13:00

answered May 21 '21 at 12:19

user2819304

11
2

Not a valid origin for the client from Google API Oauth

12 Answers12

Linked