Error with Google Auth in a Streamlit app Error 400: invalid_request "Access blocked: authorisation error"

:slight_smile: i everyone!

I’m developing a Streamlit app that integrates with Google Sheets using OAuth 2.0 for authentication. However, I’m bumping once and again into a Error 400: invalid_request stating that a required parameter, redirect_uri, is missing when trying to authenticate.

I’ve checked my Google Cloud Console settings and my application code but haven’t been able to resolve the issue. Here are the relevant parts of my code and setup:

from google_auth_oauthlib.flow import InstalledAppFlow
import streamlit as st

def authenticate_google():
    client_config = {
        "web": {
            "client_id": st.secrets["google_oauth"]["client_id"],
            "project_id": st.secrets["google_oauth"]["project_id"],
            "auth_uri": st.secrets["google_oauth"]["auth_uri"],
            "token_uri": st.secrets["google_oauth"]["token_uri"],
            "auth_provider_x509_cert_url": st.secrets["google_oauth"]["auth_provider_x509_cert_url"],
            "client_secret": st.secrets["google_oauth"]["client_secret"],
            "redirect_uris": st.secrets["google_oauth"]["redirect_uris"],
            "javascript_origins": st.secrets["google_oauth"]["javascript_origins"]
        }
    }
    flow = InstalledAppFlow.from_client_config(
        client_config, 
        scopes=['https://www.googleapis.com/auth/spreadsheets.readonly']
    )
    auth_url, _ = flow.authorization_url(prompt='consent')
    return auth_url

The OAuth redirect_uris Configuration in my secrets.toml:

redirect_uris = ["http://localhost:8501", "https://your-app-name.streamlitapp.com"]

My attempted fixes:

  • Ensured redirect_uris are correctly configured in the Google Cloud Console matching those in secrets.toml.
  • Checked that the redirect_uri used in the authorization_url() call matches one registered in Google Cloud Console.
  • Tried removing explicit redirect_uri settings in the code to rely on configuration via secrets.toml.


My questions would be:

  1. What might be causing the redirect_uri parameter to be missing despite being configured in the OAuth client setup?
  2. Is there a specific format or configuration I might be overlooking that could cause this issue?