Skip to content

fix: use localhost instead of 127.0.0.1 for OAuth redirect URI#91

Merged
a-bonus merged 1 commit intoa-bonus:mainfrom
Asborien:fix/oauth-localhost-redirect
Mar 23, 2026
Merged

fix: use localhost instead of 127.0.0.1 for OAuth redirect URI#91
a-bonus merged 1 commit intoa-bonus:mainfrom
Asborien:fix/oauth-localhost-redirect

Conversation

@Asborien
Copy link
Copy Markdown
Contributor

@Asborien Asborien commented Mar 22, 2026

Summary

Google's OAuth for Desktop App clients only accepts http://localhost redirects, not http://127.0.0.1. Using the IP literal causes a 400 Bad Request error during the authorization flow.

From Google's documentation:

For loopback IP redirect URIs, use localhost rather than the literal loopback IP address. [...] The 127.0.0.1 form is not supported for desktop app redirect URIs.

Changes

Three occurrences in src/auth.ts updated from 127.0.0.1 to localhost:

  • server.listen(0, '127.0.0.1', ...)server.listen(0, 'localhost', ...)
  • http://127.0.0.1:${port} redirect URI → http://localhost:${port}
  • new URL(req.url!, 'http://127.0.0.1:...')new URL(req.url!, 'http://localhost:...')

Fixes #90

@Asborien
fix: use localhost instead of 127.0.0.1 for OAuth redirect URI
8853b62 
Google's OAuth for Desktop App clients only accepts http://localhost
redirects, not http://127.0.0.1. Using the IP literal causes a 400
Bad Request error during the authorization flow.

Fixes a-bonus#90
@a-bonus a-bonus merged commit 3168d95 into a-bonus:main Mar 23, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

OAuth redirect uses 127.0.0.1 instead of localhost — causes 400 Bad Request for Desktop App clients

2 participants

@Asborien @a-bonus