Google oauth subdomains

Question

I have implemented Google oAuth on the site (example.com). Everything works fine except auth from subdomains on my site(I have a thousands of subdomains). When the user tries to authorize via subdomain, for example

fr.example.com
product1.example.com
product2.de.example.com

I receive an error from Google -

The redirect URI in the request did not match a registered redirect URI

How it could be solved ?

Answer 1

The other answers have already clarified that the cause of the troubles is that Google's OpenAuth doesn't support wild card sub domains. However, what you're asking is how can it be solved? Well, you have two choices, according to this email thread:

1. Provide a single OAuth2 handling endpoint for all subdomains. That is, you'd have a main domain and endpoint, via which you do authentication also for the sub domains. When done authenticating, you redirect back to the sub domain. There's supposedly an OpenAuth state parameter, in which you can encode the sub domain name. This is what I did, here's the code: https://github.com/debiki/debiki-server/blob/master/app/controllers/LoginWithOpenAuthController.scala

2. You can have each sub domain register independently with Google.

Which option you'll choose depends on which brand the Google users are asked to approve. The main domain, or a sub domain?

Answer 2

That's because Google's OAuth does not support wildcard subdomain matching. You can refer to more documentation here