Lovable auth

OAuth Callback URL Mismatch with GitHub/Google Provider

OAuth authentication fails with error 'redirect_uri_mismatch' or callback page shows blank/error. Users cannot sign in via GitHub or Google because the configured redirect URL doesn't match.

OAuth providers validate that the redirect URL matches exactly what was registered. Any difference in protocol, domain, path, or query parameters will cause the mismatch error.

Error Messages You Might See

error=redirect_uri_mismatch invalid_request The redirect_uri provided is not registered
error=redirect_uri_mismatchinvalid_requestThe redirect_uri provided is not registered

Common Causes

  1. Localhost used in development but https://mysite.com in production config
  2. Port number mismatch (localhost:3000 vs localhost:5173)
  3. Protocol mismatch (http vs https)
  4. Trailing slash differences in callback URL
  5. Using wrong site domain after deployment

How to Fix It

In Supabase dashboard > Authentication > Providers > GitHub/Google, set redirect URLs:

Development: http://localhost:5173/auth/callback

Production: https://yourdomain.com/auth/callback

Create both entries if supporting both environments. Ensure Vite dev server runs on the exact port configured.

Real developers can help you.

Prakash Prajapati Prakash Prajapati Iā€™m a Senior Python Developer specializing in building secure, scalable, and highly available systems. I work primarily with Python, Django, FastAPI, Docker, PostgreSQL, and modern AI tooling such as PydanticAI, focusing on clean architecture, strong design principles, and reliable DevOps practices. I enjoy solving complex engineering problems and designing systems that are maintainable, resilient, and built to scale. Jared Hasson Jared Hasson Full time lead founding dev at a cyber security saas startup, with 10 yoe and a bachelor's in CS. Building & debugging software products is what I've spent my time on for forever Simon A. Simon A. I'm a backend developer building APIs, emulators, and interactive game systems. Professionally, I've developed Java/Spring reporting solutions, managed relational and NoSQL databases, and implemented CI/CD workflows. Matthew Butler Matthew Butler Systems Development Engineer @ Amazon Web Services PawelPloszaj PawelPloszaj I'm fronted developer with 10+ years of experience with big projects. I have small backend background too Richard McSorley Richard McSorley Full-Stack Software Engineer with 8+ years building high-performance applications for enterprise clients. Shipped production systems at Walmart (4,000+ stores), Cigna (20M+ users), and Arkansas Blue Cross. 5 patents in retail/supply chain tech. Currently focused on AI integrations, automation tools, and TypeScript-first architectures. Kingsley Omage Kingsley Omage Fullstack software engineer passionate about AI Agents, blockchain, LLMs. Basel Issmail Basel Issmail ā€™m a Senior Full-Stack Developer and Tech Lead with experience designing and building scalable web platforms. I work across the full development lifecycle, from translating business requirements into technical architecture to delivering reliable production systems. My work focuses on modern web technologies, including TypeScript, Angular, Node.js, and cloud-based architectures. I enjoy solving complex technical problems and helping teams turn product ideas and prototypes into working platforms that can grow and scale. In addition to development, I often collaborate closely with product managers, business analysts, designers, and QA teams to ensure that solutions align with both technical and business goals. I enjoy working with startups and product teams where I can contribute both as a hands-on engineer and as a technical partner in designing and delivering impactful software. Dor Yaloz Dor Yaloz SW engineer with 6+ years of experience, I worked with React/Node/Python did projects with React+Capacitor.js for ios Supabase expert Franck Plazanet Franck Plazanet I am a Strategic Engineering Leader with over 8 years of experience building high-availability enterprise systems and scaling high-performing technical teams. My focus is on bridging the gap between complex technology and business growth. Core Expertise: šŸš€ Leadership: Managing and coaching teams of 15+ engineers, fostering a culture of accountability and continuous improvement. šŸ—ļø Architecture: Enterprise Core Systems, Multi-system Integration (ERP/API/ETL), and Core Database Structure. ā˜ļø Cloud & Scale: AWS Expert; architected systems handling 10B+ monthly requests and managing 100k+ SKUs. šŸ“ˆ Business Impact: Aligning tech strategy with P&L goals to drive $70k+ in monthly recurring revenue. I thrive on "out-of-the-box" thinking to solve complex technical bottlenecks and am always looking for ways to use automation to improve business productivity.

You don't need to be technical. Just describe what's wrong and a verified developer will handle the rest.

Get Help

Frequently Asked Questions

Do I need HTTPS for callbacks?

Yes for production. Development with localhost HTTP is allowed. All production URLs must use HTTPS.

How do I use different URLs for dev and prod?

Register both URLs in the OAuth provider settings. Use environment variables to switch between them.

Related Lovable Issues

Supabase Auth Session Not Persisting Across Page Reloads

auth

Row Level Security (RLS) Policy Blocks All Database Access

auth

JWT Token Expires Silently Causing Unexpected Logout

auth

Auth State Lost During Navigation or Redirect

auth

Can't fix it yourself?
Real developers can help.

You don't need to be technical. Just describe what's wrong and a verified developer will handle the rest.

Get Help