Question

We have this web app where every customer hooks up their own domain, or uses a subdomain of our domain, for their account. This account can be integrated with Google Analytics for statistics.

Our problem is with the AuthSub authentication. Too often, when we redirect the user to sign in on Google, they are presented with the error: AuthSub target path prefix does not match the provided "next" URL.

In accordance with this question I changed the next URL to a non-restricted one with no redirects, but it didn't solve the issue.

As I understand it, I can't register our app with Google, since every customer has their own unique domain (though most have a *.our-app.com).

What more can I try? Thank you.

Edit: This is the full error message.

The page you have requested cannot be displayed. Another site was requesting access to your Google Account, but sent a malformed request. Please contact the site that you were trying to use when you received this message to inform them of the error. A detailed error message follows:

AuthSub target path prefix does not match the provided "next" URL.


Solution 2

Solved it. I created a common domain for all redirects from Google (which is used in the next parameter), which I registered with Google.

So if the user had the domain "client.app.com", the next parameter would look something like this: core.app.com/savetoken?domain=client.app.com. This page simply redirects to client.app.com/savetoken with the token from Google.
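The relay page described in this answer forwards a Google token to whichever host the domain parameter names, so it should forward only to domains the application already knows. The following is an added example, not part of the original answer or the poster's code: it assumes the token arrives as a `token` query parameter, that customer domains are kept in a set (the names here are constructed), and that the forward goes over HTTPS.

```python
from urllib.parse import urlsplit, parse_qs, urlencode, urlunsplit

# Constructed sample data: customer domains known to the application.
REGISTERED_DOMAINS = {"client.app.com", "shop.customer-example.org"}
FORWARD_PATH = "/savetoken"  # per-customer path named in the answer


def normalize_host(value):
    """Return a lowercase bare hostname, or None if value is more than a hostname."""
    if not value:
        return None
    host = value.strip().lower().rstrip(".")
    # Refuse schemes, paths, userinfo, ports, query/fragment marks and whitespace.
    if not host or any(c in host for c in "/\\@:?# \t\r\n"):
        return None
    return host


def build_forward_url(request_url, registered=REGISTERED_DOMAINS):
    """Map a relay request to the per-customer redirect URL, or None to refuse."""
    query = parse_qs(urlsplit(request_url).query)
    domains = query.get("domain", [])
    tokens = query.get("token", [])
    # Exactly one domain and one token: repeated parameters are ambiguous.
    if len(domains) != 1 or len(tokens) != 1:
        return None
    host = normalize_host(domains[0])
    # Exact match against the allowlist; no suffix or substring matching.
    if host is None or host not in registered:
        return None
    return urlunsplit(
        ("https", host, FORWARD_PATH, urlencode({"token": tokens[0]}), "")
    )


if __name__ == "__main__":
    base = "https://core.app.com/savetoken?"
    for qs in ("domain=client.app.com&token=abc123",
               "domain=unknown.example&token=abc123"):
        print(qs, "->", build_forward_url(base + qs))
```

When `build_forward_url` returns None, the relay page should show an error instead of redirecting.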

OTHER TIPS

From The AuthSub interface

This value should be a page on the web application site

It's my understanding that the domains should match between the web app and the next url. Example: web app - example.com; next url - example.com/nexturl.php

Target URL path prefix: This value enables Google to reject all authorization requests ostensibly from your domain that use an incorrect domain or prefix. If you're making an AuthSub request, this URL must be identical to the prefix value of the next parameter used in your authorization requests. For example, if your next values will be something like http://example.com/authsub and/or http://example.com/feed/authsub, your prefix should be http://example.com.

This is so that you are not authenticating someone and then sending them off to some other site. It's for security and protection of the user account.

If your users are starting on a subdomain like subdomain.example.com and the next url is example.com, it will most likely fail. That was the issue in the question you cite.

You should be able to solve it by doing what that poster did. Make the next url the same as the web app (originating page) and use a url parameter to redirect to the page you want it to go to.

Since this comes up in a Google search:

If you've mistakenly made the next url example.com and your application is trying to redirect to www.example.com you can update the AuthSub token here: https://accounts.google.com/ManageDomains

Licensed under: CC-BY-SA with attribution