Menu
The task I am working now is to set up google authorization to access resources of my organization.
But there is a problem with this task. My organization uses non standard domain for its local network: domain.off. And when I try to set 'http://dev.domain.off:12345/auth/google/callback.html' as a oauth2 callback in the Google Cloud Console (https://cloud.google.com/console) I get 'Invalid redirect URI' error.
I cannot use direct address with correct internet domain because there are many other services in private development domain of my organization I have to use that conflict with different addresses.
I cannot use production enviroment with direct address for the development purposes. Development enviroment has only private addresses, domain.off.
I cannot modify hole development enviroment to change all private dev addresses to public. This is a task of not my compenency.
Is there any solution to my problem? The only solution I see now is to ask google developers to remove or modify URI validator in oauth callback setting form to accept non standard domains.
667
Add a URL redirectGo to your list of load balancers in the Google Cloud console. For a load balancer of type HTTP(S) (Classic), click the load balancer's name link. Click Edit edit. In Host and path rules, select Advanced host and path rule (URL redirect, URL rewrite).
Invalid Redirect URI While working on a web based client, you have to ensure that the redirect URI passed while authentication, is the same as the one given during registration. If the redirect uri is not the one given during registration, an invalid redirect uri error will be thrown.
A redirect URI, or reply URL, is the location where the authorization server sends the user once the app has been successfully authorized and granted an authorization code or access token.
What you probably want is to use one of the alternative Oauth workflows.
If all you want is to use the google cloud from your service, go for a service account as explained here: https://developers.google.com/console/help/new/#generatingoauth2 I have this working at teowaki.com for interacting with google bigquery and it works seamlessly. All you need is to generate a key on the cloud console and place the key on your server.
If you need to identify users, then you can go for the OAuth for installed applications as shown here https://developers.google.com/console/help/new/#generatingoauth2
In this case, you can choose beetween the users going to a URL in which they will be presented a token they need to paste back onto your application, or being redirected to a URL in localhost. Since I assume you are doing a webapp, you should choose the first option and present the users with a token they need to paste. It's probably not the best UX ever, but being an internal application it is probably doable.
131
since you cannot use direct address with correct internet domain
you could try something like this
You can create a master subdomain to get all google auth responses and redirect to correct subdomain using the "state" query parameter.
For example create google.mydomain.com and use it as your valid "Redirect URI" and Apache will redirect this url to each user with redirect (or rewrite) feature.
More info about apache redirects in http://www.simonecarletti.com/blog/2009/01/apache-query-string-redirects/
Here the code:
RewriteEngine On
RewriteCond %{HTTP_HOST} ^google\.
RewriteCond %{QUERY_STRING} state=([a-z0-9]+)
RewriteRule ^(.*)$ http://%1.mydomain.com/$1 [L]
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With