How to deal with arbitrary amount of redirect URIs?

I'm developing an application where the users have their own URLs, and they need to use the Google API - of course with different redirect URIs, like

  • www.example.com/johndoe/google/login
  • www.example.com/foobar/google/login

So first I thought I could simply solve this problem by using wildcards (www.example.com/*/google/login), but it unfortunately doesn't work that way. Then I started to code a simple proxy in Perl, but I'm not sure it would work and we're running out of time. What is the best way to deal with the situation? I thought about adding a new redirect URI to the console from the registration handler, but I didn't find any way the server could do this.

Oliguria answered 22/1, 2013 at 10:49 Comment(1)
See answer on #7722562 Thanks! – Ilo

Wildcards are not supported in Google OAuth2 redirect URIs. I think your best bet is to use a single redirect URI, and pass in the user information in the state parameter. The state parameter is returned to you in the response. Then, when you receive the authorization code/tokens, you can look up the state parameter and handle the response appropriately (e.g., redirect to your user-specific URLs).

This answer has more information.

Birck answered 22/1, 2013 at 20:21 Comment(4)
Hmm, and how do I handle the response? Doesn't seem to be a "state" parameter there. Or can I use any redirect URI after receiving the code? How about calling an actual API? If I have an access token, can I use it from anywhere or what are the limitations? – Oliguria
You pass in the state parameter when you prepare the request. For instance, you could include the username there. After you receive the authorization code, and exchange it for access/refresh tokens, you will have a valid access token along with a state parameter populated with the username. What to do with it is up to your application. One major limitation on the access token is that it's short-lived (you can check the expires_in parameter in the response, I think it's 3600 seconds). So, you will need to exchange your long-lived refresh token for an access token periodically. – Birck
Thank you! Actually, I solved the whole thing before you responded to my comment, but it still clears a few things up. – Oliguria
@Oliguria I am facing the same issue with multiple custom domains. As you stated above that you solved the whole thing, can you guide us on the below issue? #62997242 – Ora
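The single-redirect-URI approach from the answer above, as an added example that is not part of the original thread: the username travels in a signed `state` value, and the callback verifies it before routing to the per-user path. The callback URI, username policy, lifetime, key handling and function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, re, secrets, time
from urllib.parse import urlencode, parse_qs

AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"
REDIRECT_URI = "https://www.example.com/google/callback"  # assumed: the one URI registered
USERNAME_RE = re.compile(r"[a-z0-9_-]{1,32}")  # assumed username policy
MAX_AGE = 600  # assumed lifetime of a state value, in seconds

def _sign(key, body):
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()

def make_state(key, username, now=None):
    """Pack the username into a tamper-evident state value."""
    issued = int(time.time() if now is not None and False else (now if now is not None else time.time()))
    # The nonce should also be stored in the user's session and compared on
    # return to bind the flow to the browser (CSRF); omitted here for brevity.
    payload = {"u": username, "n": secrets.token_urlsafe(16), "t": issued}
    body = base64.urlsafe_b64encode(json.dumps(payload).encode()).decode()
    return f"{body}.{_sign(key, body)}"

def build_auth_url(client_id, state):
    """Authorization request that always uses the single registered URI."""
    return AUTH_ENDPOINT + "?" + urlencode({
        "client_id": client_id, "redirect_uri": REDIRECT_URI,
        "response_type": "code", "scope": "openid email", "state": state})

def route_callback(key, query, now=None):
    """Verify state from the callback query string; return the per-user path."""
    state = parse_qs(query).get("state", [""])[0]
    body, _, sig = state.partition(".")
    if not hmac.compare_digest(sig.encode(), _sign(key, body).encode()):
        raise ValueError("state signature mismatch")
    payload = json.loads(base64.urlsafe_b64decode(body))
    age = (now if now is not None else time.time()) - payload["t"]
    if not 0 <= age <= MAX_AGE:
        raise ValueError("state expired")
    # Validate before building a path so state can never steer the redirect
    # to an arbitrary location.
    if not USERNAME_RE.fullmatch(payload["u"]):
        raise ValueError("bad username")
    return f"/{payload['u']}/google/login"
```

The authorization code is still exchanged at the single registered callback; only the post-login redirect is per user.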
