
GitHub OAuth with multiple domains

I am running an application that runs on several subdomains (usergroupXYZ.onruby.de) and also supports arbitrary domains as aliases, so you can access the domain via yourusergroup.onruby.de or via customdomain.de.

The app provides logins via Twitter OAuth and GitHub OAuth2.

The problem is that I did not find a way to support GitHub auth via custom domains. I always get redirect_uri_mismatch errors from GitHub.

The Twitter auth does not have a problem with redirecting to a different domain.

Does anyone have a solution to this problem other than creating a GitHub application token for each custom domain?

phoet asked Dec 11 '12 20:12


2 Answers

You can override the callback URL but it must match the host name in the OAuth Application settings. This document gives a list of good and bad matches: http://developer.github.com/v3/oauth/#redirect-urls

Since different contexts are allowed, one solution would be to create different contexts on a base callback URL and then use the context information to redirect to the specific host. It would mean that you would be acting like a 'broker' and would need to pass some information to the target host.

If your callback URL is oauth.onruby.de, then oauth.onruby.de/cust1 and oauth.onruby.de/cust2 will be valid according to GitHub. You can then redirect /cust1 to cust1.de and /cust2 to cust2.de.

Please keep in mind that oauth.onruby.de would be acting as a gateway or broker and it would need to ensure that there are no security exposures.

Akber Choudhry answered Sep 22 '22 11:09


Yep, we did what Akber suggested. We have two sites, xxx.com and xxx.co.uk, and we want to use one GitHub app for both sites' OAuth.

We used Rails and the OmniAuth gem.

The first thing we need to do is to append com or co.uk to the end of the callback URL:

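class OmniAuth::Strategies::GitHub
  # Some code is omitted

  def callback_url
    url = super
    # Capture the TLD of the current host, e.g. "co.uk" in xxx.co.uk
    matches = url.match(/xxx\.([a-z.]+)(:\d+)?\//)
    if matches && matches[1] != 'com'
      tld = matches[1]
      # Send GitHub the registered xxx.com host, with the real TLD appended to the path
      url.gsub!("xxx.#{matches[1]}", 'xxx.com')
      url << "/#{tld}"
    end

    url
  end
end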

And here's the Rails middleware code that does the redirect when GitHub OAuth calls back:

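def call(env)
  # The TLD appended by callback_url arrives as the last part of the path
  match = env["PATH_INFO"].match(/\A\/users\/auth\/github\/callback\/(.+)\Z/)
  if match
    host = env["HTTP_HOST"]
    # Swap only the trailing "com" of the host (before any port) for the TLD from the path
    target = host.sub(/com(?=(:\d+)?\z)/) { match[1] }
    # A Rack response body must respond to #each, so return an empty array
    [301, {"Location" => "#{env['rack.url_scheme']}://#{target}/users/auth/github/callback?#{env["QUERY_STRING"]}"}, []]
  else
    @app.call(env)
  end
end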

dalef answered Sep 22 '22 11:09
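
The broker redirect from the answers above, with the path suffix resolved through an exact-match allowlist instead of being substituted into the host, so the one-time `code` is only ever forwarded to hosts the operator registered. This is an added example, not code from either answer; `CallbackBroker`, `TENANT_HOSTS`, the forced HTTPS scheme and the forwarded parameter list are assumptions, and the hosts are the placeholders used above.

```ruby
require "uri"

# Added example: Rack middleware acting as the OAuth callback broker.
# CallbackBroker and TENANT_HOSTS are hypothetical names.
class CallbackBroker
  CALLBACK_PATH = "/users/auth/github/callback"
  # Path suffix => the only host that suffix may be forwarded to (placeholders).
  TENANT_HOSTS = { "co.uk" => "xxx.co.uk", "cust1" => "cust1.de" }.freeze
  # Parameters GitHub puts on the callback; anything else is dropped.
  FORWARDED = %w[code state error error_description error_uri].freeze

  def initialize(app, tenants = TENANT_HOSTS)
    @app = app
    @tenants = tenants
  end

  def call(env)
    path = env["PATH_INFO"].to_s
    return @app.call(env) unless path.start_with?("#{CALLBACK_PATH}/")

    # Exact-match lookup: the request path never becomes part of the host.
    host = @tenants[path.delete_prefix("#{CALLBACK_PATH}/")]
    return [400, { "content-type" => "text/plain" }, ["unknown tenant\n"]] unless host

    # Assumption: every tenant host serves HTTPS.
    target = URI::HTTPS.build(host: host, path: CALLBACK_PATH, query: forwarded_query(env))
    # 302 with no-store: the response carries a one-time code and must not be cached.
    [302, { "location" => target.to_s, "cache-control" => "no-store" }, []]
  end

  private

  def forwarded_query(env)
    params = URI.decode_www_form(env["QUERY_STRING"].to_s)
    URI.encode_www_form(params.select { |key, _| FORWARDED.include?(key) })
  rescue ArgumentError # malformed query string: forward nothing
    nil
  end
end
```

The target host still has to check `state` against the session that started the login before exchanging the code.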