(Google Authenticator) Access blocked: request is invalid #498
Description
Google states that the OOB flow is being deprecated for all client types i.e. Web applications, Android, iOS, Universal Windows Platform (UWP), Chrome apps, TVs & limited-input devices, Desktop apps.
The Google Authenticator v3.0.8 code creates this message:
"https://accounts.google.com/o/oauth2/auth?redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob&client_id=<CLIENT_ID_REMOVED>.apps.googleusercontent.com&response_type=code&access_type=offline&approval_prompt=force&scope=https%3A%
In other words, the code makes a call to the Google OAuth authorization endpoint with the redirect_uri parameter having the following value:
redirect_uri=urn:ietf:wg:oauth:2.0:oob
This creates the following error message:
Error 400: invalid_request
The out-of-band (OOB) flow has been blocked in order to keep users secure. Follow the Out-of-Band (OOB) flow migration guide linked in the developer docs below to migrate your app to an alternative method.
Request details: redirect_uri=urn:ietf:wg:oauth:2.0:oob
Reference: https://developers.google.com/identity/protocols/oauth2/resources/oob-migration