I have implemented Google oAuth on the site (example.com). Everything works fine except auth from subdomains on my site(I have a thousands of subdomains). When the user tries to authorize via subdomain, for example
fr.example.com
product1.example.com
product2.de.example.com
I receive an error from Google -
The redirect URI in the request did not match a registered redirect URI
How it could be solved ?
The other answers have already clarified that the cause of the troubles is that Google's OpenAuth doesn't support wild card sub domains. However, what you're asking is how can it be solved? Well, you have two choices, according to this email thread:
Provide a single OAuth2 handling endpoint for all subdomains. That is, you'd have a main domain and endpoint, via which you do authentication also for the sub domains. When done authenticating, you redirect back to the sub domain. There's supposedly an OpenAuth state parameter, in which you can encode the sub domain name. This is what I did, here's the code: https://github.com/debiki/debiki-server/blob/master/app/controllers/LoginWithOpenAuthController.scala
You can have each sub domain register independently with Google.
Which option you'll choose depends on which brand the Google users are asked to approve. The main domain, or a sub domain?
That's because Google's OAuth does not support wildcard subdomain matching. You can refer to more documentation here
The redirect URI must exactly match one of the values listed for this project in the Google Developers Console (including the http or https scheme, case, and trailing '/'). So it will not support sub domains if you don't add them in Developers Console.
That's because Google's OAuth does not support wildcard sub-domain matching .You can redirect the one static page of all sub-domain and after authenticate or get access token of OAuth then you return on your sub-domain page with access token.
In the Authorized JavaScript origins field, enter the origin for your app. You can enter multiple origins to allow for your app to run on different protocols, domains, or subdomains. You cannot use wildcards. In the example below, the second URL could be a production URL.
http://localhost:8080 or
https://myproductionurl.example.com
https://developers.google.com/identity/sign-in/web/server-side-flow
Related
Per the documentation, and many examples and answers I found, I should be able to go to https://console.cloud.google.com/apis/credentials, click on my OAuth 2.0 Client ID, and have an option on the subsequent page to add redirect urls.
However, when I edit a Client ID, I am only given the name, Client ID, Client Secret and the creation date.
There are no fields nor buttons to add redirect URLs. What am I doing wrong? Where should I go to add redirect URLs?
Only web clients have redirect uris so make sure you click web client. It sounds to me like you have created a desktop client. Which does not have a redirect uri.
How to create Google Oauth2 web application credentials
I was able to edit redirect URI for my client when I use the URL you provided. I had to use the correct Google email that matched my organisation to be able to see and edit my clients. Is it possible that your Google user id does not have sufficient permissions to edit?
What is the type of OAuth client ID you have configured? Redirect URIs can only be added for web clients. Read more about types of OAuth clients here: https://support.google.com/cloud/answer/6158849#zippy=%2Cweb-applications.
I've set up an application for Microsoft Graph at https://apps.dev.microsoft.com/.
This is for consumer accounts like foo#outlook.com (not an AD tenant)
When I add a redirect URI, it won't let subdomains of that URI work.
From the documentation (which refers to AD) this should work, but on the consumer side, it does not.
eg I register https://example.com and my app will attempt to redirect to https://mycustomer.example.com.
The result is that the redirect_uri doesn't match the app registration.
Anyone know how to make a subdomain work?
You must explicitly register each redirect_uri.
This includes each subdomain and page your app needs to redirect them to. Wildcards are not supported.
I'm integrating Dropbox support in my application, and to get an access token to a user's account I use their OAuth2 flow. After the user has granted the application access I need the user to be redirected to the same URL it came from. The problem is that a user may come from any of a number of subdomains, and I don't have full control over these subdomains, which means I can't add them all to the redirect URL list in my Dropbox app settings.
I thought I'd solve this by having a general redirect URL under the www subdomain, which in turn would redirect to the correct URL. However, there doesn't seem to be any way to send custom data that Dropbox will include in the redirect URL. I've expermiented with YouTube's OAuth2 API and they allow you to send custom data in a state query parameter, which it will include when redirecting back. But this does not seem to be allowed for Dropbox. Does anyone know whether there is any way to do this?
Thanks
Dropbox supports the state parameter (up to 500 bytes, see the docs for /1/oauth2/authorize), and you can set arbitrary state in the Python SDK using DropboxOAuth2Flow.start.
When you complete the OAuth flow and call DropboxOAuth2Flow.finish, the state you passed in will be returned as the third member of the tuple.
If Dropbox doesn't honor the state parameter (and violates the spec doing so) the only alternative is to make sure the custom domains redirect to the general domain as well before kicking off authentication towards Dropbox, and then store the custom URL in a cookie that resides on the same general domain as the redirect URL. You can then pickup the state/custom URL from the cookie on return from Dropbox.
I want to access few social networks such as Instagram, Facebook, Twitter in my iOS app. I need to get user info, their friends etc. All this social network use OAuth 2.0 to allow my app get some data. As I understand, I need to have my own server to use its URL as redirect_uri. So the question is How to create this server?
I expected there are some tutorials and ready to use samples, but I didn't find any useful links.
you don't need to have a server for redirection.
OAuth 2.0 define a special redirect_uri for installed apps.
For example, Google OAuth define two special redirect uri,
urn:ietf:wg:oauth:2.0:oob and http://localhost
The first one results in an authorization code in the title of the page, and the second one results in the authorization code sent to a http://localhost address as part of the query string.
you can get more information from
https://developers.google.com/accounts/docs/OAuth2InstalledApp
and a reference for you
https://github.com/tikitikipoo/ios_oauth_twitter_and_facebook
My app allows users to have custom subdomains, as in user1.domain.com. I am integrating various oauth providers, all of which support the ability to authenticate via oauth with a subdomain of the registered application domain. Is there a way this can be done with Foursquare, or if not is there a specific reason subdomains are not allowed?
You should be able to specify whatever callback URL you'd like via https://foursquare.com/oauth