Subdomain in Google Console Redirect URIs

Question

I have an web application that uses google api (google drive). The application is used by many clients and every client has an subdomain to access the system.

So the domain is appdomain.com

And for users I have foo.appdomain.com, bar.appdomain.com, etc.appdomain.com.

But in google console redirect URI I have to manually put the redirect urls, is there any way I can use wildcards to redirect to make google accept any of subdomains like: *.appdomain.com ?

With this I can make the google authorization calls with the user subdomain in redirect_uri:

https://accounts.google.com/o/oauth2/auth?redirect_uri=http://foo.appdomain.com

Answer 1

Wildcard matching subdomains is not supported in Google OAuth. You could try using the state parameter and include the user-specific information there. This parameter will be returned to you in the response. More information on state here.

Answer 2

You can create a master subdomain to get all google auth responses and redirect to correct subdomain using the "state" query parameter.

For example create google.mydomain.com and use it as your valid "Redirect URI" and Apache will can redirect this url to each user with redirect (or rewrite) feature.

More info about apache redirects in http://www.simonecarletti.com/blog/2009/01/apache-query-string-redirects/

Here the code I'm using:

RewriteEngine On
RewriteCond %{HTTP_HOST} ^google\.
RewriteCond %{QUERY_STRING} state=([a-z0-9]+)
RewriteRule ^(.*)$ http://%1.mydomain.com/$1 [L]

Answer 3

Hooray for useful yet unnecessary workarounds (thanks for complicating yourself into a corner Google)....

I was using Google Drive using the javascript api to open up the file picker, retrieve the file info/url and then download it using curl to my server. Once I finally realized that all my wildcard domains would have to be registered, I about had a stroke.

What I do now is the following (this is my use case, cater it to yours as you need to)

1. On the page that you are on, create an onclick event to open up a new window in a specific domain (https://googledrive.example.com/oauth/index.php?unique_token={some unique token}).

2. On the new popup I did all my google drive authentication, had a button to click which opened the file picker, then retrieved at least the metadata that I needed from the file. Then I stored the token (primary key), access_token, downloadurl and filename in my database (MySQL).

3. Back on step one's page, I created a setTimeout() loop that would run an ajax call every second with that same unique_token to check when it had been entered in the database. Once it finds it, I kill the loop and then retrieve the contents and do with them as I will (in this case I uploaded them through a separate upload script that uses curl to fetch the file).

This is obviously not the best method for handling this, but it's better than entering each and every subdomain into googles cloud console. I bet you can probably do this with googles server side oauth libraries they use, but my use case was a little complicated and I was cranky cause I was frustrated at the past 4 days I've spent on a silly little integration with google.