Login/Register
github oauth with multiple domains
Asked Answered
Solved oauth-2.0multi-tenantgithub-api
T

2

9

i am running an application that runs on several subdomains usergroupXYZ.onruby.de and also supports arbitrary domains as aliases. so you can access the domain via yourusergroup.onruby.de or via customdomain.de.

the app provides logins via twitter oauth and github oauth2.

the problem is, that i did not find a way to support github auth via custom domains. i always get redirect_uri_mismatch errors from github.

the twitter auth does not have a problem with redirecting to a different domain.

does anyone have a solution to this problem other than creating a github application token for each custom domain?

Teacart answered 11/12, 2012 at 20:35 Comment(0)
C
11

You can override the callback URL but it must match the host name in the OAuth Application settings. This document gives a list of good and bad matches: http://developer.github.com/v3/oauth/#redirect-urls

Since different contexts are allowed, one solution would be to create different contexts on a base callback URL and then using the context information to redirect to the specific host. It would mean that you would be acting like a 'broker' and would need to pass some information to the target host.

If your callback URL is oauth.onruby.de, then oauth.onruby.de/cust1 and oauth.onruby.de/cust2 will be valid according to Github. You can then redirect /cust1 to cust1.de and /cust2 to cust2.de.

Please keep in mind that oauth.onruby.de would be acting as a gateway or broker and it would need to ensure that there are no security exposures.

Concision answered 12/12, 2012 at 14:29 Comment(0)
R
2

Yep we did what Akber suggested. We have two sites, xxx.com and xxx.co.uk and we want to use One github app for both sites OAuth.

We used Rails and OmniAuth gem.

The first thing we need to do is to append com or co.uk to the end of the callback URL

class OmniAuth::Strategies::GitHub
  # Some code are omitted    

  def callback_url
    url = super
    matches = url.match(/xxx\.([a-z|\.]+)(:\d+)?\//)
    if matches && matches[1] != 'com'
      tld = matches[1]
      url.gsub!("xxx.#{matches[1]}", 'xxx.com')
      url << "/#{tld}"
    end

    url
  end
end

and here's the rails middleware code that does redirect when github OAuth calls back

def call(env)
    match = env["PATH_INFO"].match(/\A\/users\/auth\/github\/callback\/(.+)\Z/)
    if match
      host = env["HTTP_HOST"]
      [301, {"Location" => "#{env['rack.url_scheme']}://#{host.gsub('com', match[1])}/users/auth/github/callback?#{env["QUERY_STRING"]}"}, self]
    else
      @app.call(env)
    end
end
Redness answered 12/9, 2015 at 21:41 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.