Subdomain in Google Console Redirect URIs

15,710

Solution 1

Wildcard matching subdomains is not supported in Google OAuth. You could try using the state parameter and include the user-specific information there. This parameter will be returned to you in the response. More information on state here.

Solution 2

You can create a master subdomain to receive all Google auth responses and redirect to the correct subdomain using the "state" query parameter.

For example, create google.mydomain.com and use it as your valid "Redirect URI"; Apache can then redirect this URL to each user with its redirect (or rewrite) feature.

More info about Apache redirects at http://www.simonecarletti.com/blog/2009/01/apache-query-string-redirects/

Here is the code I'm using:

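RewriteEngine On
# Only act on the central callback host (google.mydomain.com).
RewriteCond %{HTTP_HOST} ^google\.
# Capture the subdomain from the state parameter; (?:^|&) stops a parameter
# whose name merely ends in "state" (e.g. session_state) from matching.
RewriteCond %{QUERY_STRING} (?:^|&)state=([a-z0-9]+)
# Redirect to that subdomain; the original query string is appended automatically.
RewriteRule ^(.*)$ http://%1.mydomain.com/$1 [L]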
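
When state carries only the subdomain, as in the two answers above, it no longer acts as the anti-forgery value an OAuth client checks when the response comes back. The following is an added example, not code from either answer: it signs the tenant label together with a per-session nonce, so the central callback can choose the subdomain and the tenant can still bind the response to the browser session. The shared key, the /oauth/finish path and all function names are assumptions.

```python
import base64, hashlib, hmac, json, re, secrets, time
from urllib.parse import urlencode

SECRET = secrets.token_bytes(32)   # assumption: server-side key shared by all subdomains
BASE_DOMAIN = "appdomain.com"      # domain used in the question
TENANT_RE = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?")  # a single DNS label
MAX_AGE = 600                      # seconds a state value stays valid (assumed)

def b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_state(tenant, session_nonce, now=None):
    """Tenant side, before redirecting to Google: sign tenant label + session nonce."""
    if not TENANT_RE.fullmatch(tenant):
        raise ValueError("tenant is not a single DNS label")
    ts = int(time.time() if now is None else now)
    payload = json.dumps({"t": tenant, "n": session_nonce, "ts": ts}).encode()
    return b64e(payload) + "." + b64e(hmac.new(SECRET, payload, hashlib.sha256).digest())

def verify_state(state, now=None):
    """Return the signed fields, or None if state is malformed, forged or expired."""
    try:
        p64, s64 = state.split(".")
        payload, sig = b64d(p64), b64d(s64)
    except ValueError:             # wrong shape or bad base64
        return None
    if not hmac.compare_digest(sig, hmac.new(SECRET, payload, hashlib.sha256).digest()):
        return None
    data = json.loads(payload)
    age = (time.time() if now is None else now) - data["ts"]
    if not 0 <= age <= MAX_AGE or not TENANT_RE.fullmatch(data["t"]):
        return None
    return data

def callback_redirect(state, code):
    """Central redirect URI: the tenant URL to send the browser to, or None to reject."""
    data = verify_state(state)
    if data is None:
        return None
    query = urlencode({"code": code, "state": state})
    return f"https://{data['t']}.{BASE_DOMAIN}/oauth/finish?{query}"  # path is hypothetical

def tenant_accepts(state, session_nonce, host):
    """Tenant side, after the hop: state must belong to this host and this session."""
    data = verify_state(state)
    return (data is not None and host == f"{data['t']}.{BASE_DOMAIN}"
            and hmac.compare_digest(data["n"], session_nonce))
```

The nonce is assumed to be an ASCII token such as `secrets.token_urlsafe(16)` stored in the user's session before the redirect to Google.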

Solution 3

Hooray for useful yet unnecessary workarounds (thanks for complicating yourself into a corner Google)....

I was using Google Drive using the JavaScript API to open up the file picker, retrieve the file info/URL and then download it using curl to my server. Once I finally realized that all my wildcard domains would have to be registered, I about had a stroke.

What I do now is the following (this is my use case, cater it to yours as you need to)

  1. On the page that you are on, create an onclick event to open up a new window in a specific domain (https://googledrive.example.com/oauth/index.php?unique_token={some unique token}).

  2. On the new popup I did all my google drive authentication, had a button to click which opened the file picker, then retrieved at least the metadata that I needed from the file. Then I stored the token (primary key), access_token, downloadurl and filename in my database (MySQL).

  3. Back on step one's page, I created a setTimeout() loop that would run an ajax call every second with that same unique_token to check when it had been entered in the database. Once it finds it, I kill the loop and then retrieve the contents and do with them as I will (in this case I uploaded them through a separate upload script that uses curl to fetch the file).

This is obviously not the best method for handling this, but it's better than entering each and every subdomain into Google's cloud console. I bet you can probably do this with the server-side OAuth libraries Google uses, but my use case was a little complicated and I was cranky because I was frustrated at the past 4 days I've spent on a silly little integration with Google.

Author: IPValverde

Updated on June 03, 2022

Comments

  • IPValverde
    IPValverde about 2 years

    I have a web application that uses the Google API (Google Drive). The application is used by many clients and every client has a subdomain to access the system.

    So the domain is appdomain.com

    And for users I have foo.appdomain.com, bar.appdomain.com, etc.appdomain.com.

    But in the Google console redirect URIs I have to manually enter the redirect URLs. Is there any way I can use wildcards so that Google accepts any of the subdomains, like *.appdomain.com?

    With this I could make the Google authorization calls with the user's subdomain in redirect_uri:

    https://accounts.google.com/o/oauth2/auth?redirect_uri=http://foo.appdomain.com
    
  • LukePOLO
    LukePOLO over 9 years
    @Lito has a workaround suggested above using the state param.
  • iopener
    iopener over 8 years
    @vlatko Looks like that link is dead, or at least redirects to another page with no state information, and I can't find it well-documented anywhere. I've seen suggestions to load the Google+ login button in an iframe and then have the iframe reload the parent page... seems like a bit of a nightmare.
  • ojathelonius
    ojathelonius over 5 years
    Is this not supported for security reasons?
  • Patryk Padus
    Patryk Padus about 5 years
    With nginx it is not working. It says "The session state () didn't match the state parameter (xyz.domain.com)"