I've actually run into similar headaches with domain validation on other platforms, so I totally get why this is so annoying, especially since it was working before!
The problem here almost certainly comes down to a recent, unannounced change on Google's end. What's happening is that their security team has likely updated their list of "public suffixes."
So, what's a public suffix?
Think of it like this: blogspot.com or github.io. Those are domains where anyone can create their own subdomain (like your-blog.blogspot.com). Google's rules for OAuth are designed to prevent security vulnerabilities, and they've gotten a lot stricter about not allowing public suffixes in their Authorized JavaScript origins field.
The reason it's failing is that Google's system is now seeing up.railway.app as one of those "public suffixes," even though it might not have been on their list a few months ago. The generic "invalid argument" error is just their way of saying, "Hey, that domain doesn't pass our new validation check."
The fact that up.railway.com works and up.railway.app doesn't is a huge clue. It tells me Google's list has been updated to specifically flag the .app suffix, likely because it's so widely used for different apps.
Honestly, the most reliable and secure way to solve this is to get a custom domain for your project.it's the better for production apps and will prevent this kind of problem from ever happening again.
1.Buy a domain: Grab a simple domain name, something like my-awesome-app.com. It's a small investment that adds a ton of professionalism.
2.Add it to Railway: Railway makes this super easy. Just follow their guide to add the custom domain and update your DNS settings (usually by adding a CNAME record).
3.Update Google Cloud: Once your domain is configured on Railway, just go back to your OAuth client settings and replace https://your-app.up.railway.app with https://my-awesome-app.com.
4.Change Your Code: Don't forget to update your app's redirect_uri and any other hardcoded URLs to use your new custom domain.