Standard OAuth Flow:
When a user tries to log in with Google, your Next.js app redirects them to Google's authentication page.
After successful authentication, Google redirects the user back to a specific URL in your app (the "redirect URI").
This redirect URI is configured in the Google Cloud Console.
Vercel Preview URLs:
Vercel creates unique, dynamic URLs for each pull request preview (e.g., https://your-project-git-branch-hash.vercel.app).
These URLs are different from your production URL (e.g., https://yourdomain.com).
The Mismatch:
Google OAuth requires the redirect URI to exactly match the URL configured in the Google Cloud Console.
When a user tries to log in from a Vercel preview, Google tries to redirect them to the preview URL.
However, the redirect URI in your Google Cloud Console is likely set to your production URL or localhost, causing a mismatch.
Google Cloud Console does not allow wildcards in the redirect URI, preventing a catch all.
The Result:
Google's OAuth server rejects the redirect, and the login fails.