Gmail API + Make (HTTP OAuth2) → 400 redirect_uri_mismatch even after following docs

How To
1

Goal: Send email via Gmail API using Make’s HTTP → Make an OAuth 2.0 request module (not the built-in Gmail app).

What I set up

  • Google Cloud

    • Project created

    • OAuth consent screen: External

    • Authorized domains: make.com, integromat.com

    • Publishing status: In production (or Testing with my account added as Test user)

    • OAuth client type: Web application

    • Authorized redirect URIs includes (exactly, no trailing slash):

      https://www.integromat.com/oauth/cb/oauth2

  • Make (HTTP → Make an OAuth 2.0 request) connection

    • Authorization URL: https://accounts.google.com/o/oauth2/v2/auth

    • Token URL: https://oauth2.googleapis.com/token

    • Scopes:

      https://www.googleapis.com/auth/gmail.send

    • Access type: offline

    • Prompt: consent

    • (Advanced) Authorize parameters:

      redirect_uri=https://www.integromat.com/oauth/cb/oauth2

    • Using the same Google account I intend to send from.

API call (after connecting):

POST https://gmail.googleapis.com/gmail/v1/users/me/messages/send
Content-Type: application/json

{ "raw": "<base64url of RFC 822 message>" }

Expected: OAuth connection completes; send returns 200 with a message resource.

Actual: During OAuth connect, I get Error 400: redirect_uri_mismatch.
Google’s error page shows a redirect_uri= that should match what I’ve authorized, but it still fails.

What I’ve already tried

  1. Deleted and recreated the Make connection after every change.

  2. Manually typed (not pasted) the redirect URI in Google Cloud to avoid hidden characters.

  3. Confirmed the OAuth client type is Web application (not Desktop/Other).

  4. Verified I’m editing the same Client ID that Make uses.

  5. Removed any OOB (urn:ietf:wg:oauth:2.0:oob) references.

  6. Tried incognito browser and a different browser.

  7. (If Workspace) Checked with admin about App access control / scope allowlisting.

  8. In Make, forced the redirect via Authorize parameters as above.

Questions for the community

  • Is there any scenario where Make’s HTTP OAuth2 uses a different callback (regional/cluster) than https://www.integromat.com/oauth/cb/oauth2?

  • In Testing mode, do I also need to add make.com or integromat.com anywhere else besides “Authorized domains”?

  • Could Workspace policies cause a redirect_uri_mismatch (vs 403/blocked), and if so, what exact admin setting should I verify?

  • Any known quirk with the Authorize parameters → redirect_uri=… override in Make that I should avoid?

Happy to provide (redacted) screenshots

  • The decoded redirect_uri= from Google’s error page.

  • My Google Cloud Authorized redirect URIs list for this Client ID.

  • The Client ID shown in Make’s connection dialog.

Thanks in advance for any pointers!

3

Hi @Maxime_Morvan

Welcome to the community forum!

I’ve tried something similar and I was able to get it working.

I think the problem is that you are manually adding the redirect_uri parameter, but Make will also automatically add that in—so Google is getting confused having it twice. Please could you try removing the “Advanced Authorize Parameter” from the Make HTTP module.

And let us know how it goes.

Regards, Terry.