Error 400: invalid_request (GeneralOAuthFlow) Laravel Development

By Posted on

If you’ve recently cloned your Laravel project to a new computer or pulled the latest changes from GitHub, and suddenly you’re greeted with this error when logging in with Google: 

Error 400: invalid_request
Request details: flowName=GeneralOAuthFlow

don’t panic! This is one of the most common issues developers face when working with Google OAuth integration in Laravel, and the fix is usually straightforward.

In this article, I’ll explain why this error happens, the most common causes, and how you can fix it in minutes.

Why Does “Error 400: invalid_request” Happen?

When Laravel communicates with Google’s OAuth 2.0 service, it sends a request containing your Client ID, Client Secret, and a Redirect URI.

If any of these are missing or don’t match the configuration in your Google Cloud Console, Google rejects the request with invalid_request.

This often happens after:

  • Cloning a Laravel project onto a new machine.
  • Forgetting to copy your .env file.
  • Using a different local domain (localhost vs 127.0.0.1).
  • Not registering the correct redirect URI in Google Cloud Console.

4 Common Causes of Error 400 in Laravel Google OAuth

1. Missing or Incorrect .env Values

Check your .env file for the following keys: 

GOOGLE_CLIENT_ID=xxxx.apps.googleusercontent.com
GOOGLE_CLIENT_SECRET=xxxx
GOOGLE_REDIRECT_URI=http://localhost:8000/auth/google/callback

If GOOGLE_CLIENT_ID or GOOGLE_CLIENT_SECRET is missing or empty, Google can’t validate your request.

2. Redirect URI Doesn’t Match Google Console

Go to your Google Cloud Console → Credentials → OAuth 2.0 Client IDs and confirm that the redirect URI you’re using in Laravel matches exactly.

For example:

  • http://localhost:8000/auth/google/callback
  • http://127.0.0.1:8000/auth/google/callback (different host)
  • http://localhost:8001/auth/google/callback (different port)

Even a small difference will break the flow.

3. Cached Config in Laravel

Laravel caches your configuration, so even after fixing .env, the old values might still be in memory. Run: 

php artisan config:clear
php artisan cache:clear
php artisan route:clear

This ensures Laravel uses your updated environment variables.

4. Multiple Development Environments

If you’re switching between machines (e.g., one uses Valet at http://project.test and another uses Artisan at http://localhost:8000), you need to register both redirect URIs in Google Console.

You can add multiple redirect URIs under your OAuth client settings.

By double-checking your .env, syncing your redirect URI with Google Cloud Console, and clearing Laravel’s cache, you’ll get your Laravel + Google OAuth login working again in no time. Happy coding!!!