Yikes, it’s correct that HTTPS is still not enforced I just sent a support request again. @SamSaffron could you please double-check?
That’s also the reason why the redirect_uri_match happens. I switched it to https and that’s why it doesn’t work with http.
That’s what I thought. You are redirected if you enter http and https is in the cache, but if you clear the cache …
I am pretty sure you need to do the oauth setting from scratch for Google, just so it is able to correctly redirect back to HTTPS