Facebook App with wildcard OAuth redirect URL

Tags: facebook, oauth

I have a Facebook app that I'm working on. In my app's advanced settings tab (in Facebook's developer site) I'd like to specify an OAuth redirect URL with a wildcard in it.

Each user of my app has a custom subdomain (e.g. foobar.example.com). I want to be able to specify an OAuth redirect URL such as *.example.com.

I know for other platforms such as Twitter and LinkedIn, it's possible to achieve this by setting the redirect URL simply to example.com, and it will accept redirect URLs with any subdomain, including www. In my app's general settings tab I was able to change the url from app.example.com to example.com. After doing that, I can still authenticate from app.example.com and I am redirected back to app.example.com/callback because app.example.com/callback is whitelisted in my app settings.

If I try to authenticate from another subdomain such as foobar.example.com, I'm redirected back to app.example.com/callback afterwards, which is not what I want. I tried changing my redirect URL to example.com, as I did with the site URL, but then I am redirected to example.com/callback instead of app.example.com/callback.

I've also tried using a wildcard such as *.example.com/callback, but Facebook wouldn't let me save the settings with a wildcard in the URL.

How can I make my redirect URL dynamic so that I don't need to manually enter hundreds or even thousands of whitelisted URLs?

Daniel Bonnell asked Mar 09 '16 20:03

1 Answer

Here's how to accomplish this in 4 simple steps:

  1. Create a new subdomain for your app (e.g. auth.example.com).
  2. In the settings tab for your Facebook app where you specify the Valid OAuth Redirect URIs, put in your new subdomain with the right path to your OAuth controller (e.g. https://auth.example.com/auth/facebook/callback).
  3. When the user wants to authorize your app, send them to Facebook as normal and specify your new redirect URL with their user ID (or some other identifier) as a parameter (e.g. https://auth.example.com/auth/facebook/callback?user_id=123).
  4. When the user hits that redirect URI on your server, save their access token and then redirect them to wherever you want (e.g. back to https://foo.example.com).

My app has used this exact setup successfully for almost two years and we service thousands of users a day.

Daniel Bonnell answered Sep 21 '22 09:09
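The fixed-redirect-URI pattern from the answer above, written out as an added example (not the answerer's code) with the two checks a defender wants on step 4: an HMAC-signed `state` that binds the callback to the user and tenant subdomain, and a single-label validation so the final redirect can only land on `*.example.com`. `BASE_DOMAIN`, `AUTH_CALLBACK`, `STATE_KEY` and the `|`-separated state layout are assumptions; the token exchange itself is left as a comment.

```python
import hashlib
import hmac
import re
from urllib.parse import parse_qs, urlencode, urlparse

BASE_DOMAIN = "example.com"                                        # assumed tenant domain
AUTH_CALLBACK = "https://auth.example.com/auth/facebook/callback"  # the one whitelisted URI
FB_DIALOG = "https://www.facebook.com/dialog/oauth"                # Facebook Login dialog
STATE_KEY = b"constructed-server-secret"                           # constructed; keep in real secret storage
LABEL_RE = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")  # one DNS label: no dots, cannot leave BASE_DOMAIN

def make_state(user_id: str, subdomain: str, nonce: str) -> str:
    """Bind user, tenant subdomain and a per-session nonce into one signed state value."""
    payload = f"{user_id}|{subdomain}|{nonce}"
    sig = hmac.new(STATE_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}|{sig}"

def parse_state(state: str):
    """Return {user_id, subdomain, nonce} when the signature verifies, else None."""
    parts = state.split("|")
    if len(parts) != 4:
        return None
    payload = "|".join(parts[:3])
    expected = hmac.new(STATE_KEY, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, parts[3]):
        return None
    return {"user_id": parts[0], "subdomain": parts[1], "nonce": parts[2]}

def authorize_url(app_id: str, user_id: str, subdomain: str, nonce: str) -> str:
    """Step 3: send the user to Facebook with the fixed redirect_uri carrying user_id."""
    if not LABEL_RE.match(subdomain):
        raise ValueError(f"invalid subdomain label: {subdomain!r}")
    redirect_uri = AUTH_CALLBACK + "?" + urlencode({"user_id": user_id})
    return FB_DIALOG + "?" + urlencode({
        "client_id": app_id, "redirect_uri": redirect_uri,
        "response_type": "code", "state": make_state(user_id, subdomain, nonce)})

def query_params(url: str) -> dict:
    """First value of every query parameter of a URL."""
    return {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}

def handle_callback(callback_url: str, session_nonce: str) -> str:
    """Step 4: verify state (then exchange `code` for a token), return the safe destination."""
    q = query_params(callback_url)
    st = parse_state(q.get("state", ""))
    if st is None or st["nonce"] != session_nonce or st["user_id"] != q.get("user_id"):
        raise PermissionError("state mismatch: possible CSRF or tampered callback")
    if not LABEL_RE.match(st["subdomain"]):          # defence in depth: never redirect on unchecked input
        raise ValueError("refusing redirect to unvalidated host")
    return f"https://{st['subdomain']}.{BASE_DOMAIN}/"
```

The `session_nonce` is whatever your server stored in the user's session before building the authorize URL; compare it on the way back so a callback forged for another session is rejected.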