You can set “Authorized redirect URI” to local IP (like http://127.0.0.1/callback), it’s working fine for me.
What really agonizing is that google don’t allow user to config an external IP (let’s say your server IP like 99.99.99.99) as “Authorized redirect URI”, google want the “Authorized redirect URI” to end with a public top-level domain (such as .com or .org).