I have been using Google's OAuth 2.0 authentication on my site for years. Recently it stopped working because the redirect_uri I had used http://
and Google now apparently requires https. My site supports https so I changed my local client_secrets.json file to use https and also went to the Google Cloud Platform page on credentials, selected the OAuth 2.0 Client ID, and made sure the entry under Authorized redirect URIs had https://
as well. After restarting my web server, authentication still fails because the redirect_uri is still using http://
.
Is this just a caching issue and will go away in an hour/day? Is there something else I have to do to update the redirect URI or to tell Google to refresh it?
You state because the redirect_uri is still using http://. What is using that URI? Do you have paths hardcoded in your application?
Or do you mean that the callback from Google is going to your HTTP endpoint? Your code informs Google of the callback URI. Google verifies that the URI is on the approved callback list. Double-check your application code for hardcoded URIs.
Another possibility is that you are behind a proxy (load balancer) and your app thinks the scheme is HTTP when it is really HTTPS. That will require updating your app to support the HTTP header X-Forwarded-Proto.