My web server only allows access via https to the Discourse instance I am running. It automatically redirects http requests to https. I have set Discourse to use https via the
use https setting in the
Security settings category. Generally, Discourse works fine with that setting. Regarding Google OAuth, however, I needed to remove the
s from the
https in the allowed redirect URI setting in the Google dashboard. The redirect URI in the API call sent by Discourse has the
s removed (it specifies
http://... instead of
https://...). Therefore the URI I originally set in the Google dashboard does not match the redirect URI provided by Discourse in the API call.
As I have set my web server to redirect from http to https, this could be worked around by removing the
s in the Google dashboard. The real fix, however, would be that Discourse sends the proper redirect URI in the API call in the first place.
I reproduced that with a checkout from yesterday.