Google OAuth Redirect Proxy

This service acts as an intermediary for Google OAuth callbacks, allowing self-hosted apps on local networks to complete Google OAuth flows without needing a public domain.

How it works

Your self-hosted app directs users to Google's OAuth consent screen with redirect_uri set to https://oauth.agentbuildr.ai/callback. After the user authorizes, Google redirects here, and this proxy forwards the authorization code back to your local app.

Setup for your app

1. Create a Google Cloud project and an OAuth 2.0 "Web application" client.
2. Set the Authorized redirect URI to: https://oauth.agentbuildr.ai/callback
3. Enter your client ID and client secret into your app's settings.
4. Your app builds the authorization URL with a state parameter containing a base64-encoded JSON object with a local_url field pointing to your local callback endpoint.

State encoding

Your app should base64-encode a JSON object as the state parameter:

{
  "local_url": "http://myhost:8000/oauth/callback",
  "app_state": "your-csrf-token"
}

The proxy extracts local_url to know where to redirect, and forwards the original state string untouched so your app can verify app_state.

This proxy is stateless. It never sees your client secret or access tokens.