Google oauth subdomains
The redirect URI must exactly match one of the values listed for this project in the Google Developers Console (including the http or https scheme, case, and trailing '/'). So it will not support sub domains if you don't add them in Developers Console.
The other answers have already clarified that the cause of the troubles is that Google's OpenAuth doesn't support wild card sub domains. However, what you're asking is how can it be solved? Well, you have two choices, according to this email thread:
Provide a single OAuth2 handling endpoint for all subdomains. That is, you'd have a main domain and endpoint, via which you do authentication also for the sub domains. When done authenticating, you redirect back to the sub domain. There's supposedly an OpenAuth state parameter, in which you can encode the sub domain name. This is what I did, here's the code: https://github.com/debiki/debiki-server/blob/master/app/controllers/LoginWithOpenAuthController.scala
You can have each sub domain register independently with Google.
Which option you'll choose depends on which brand the Google users are asked to approve. The main domain, or a sub domain?
That's because Google's OAuth does not support wildcard subdomain matching. You can refer to more documentation here