Google Auth proxy for subdomains

Question

Since Google Auth does not support wildcards in its redirect URL's, I am trying to create a proxy solution for Google Authentication. I have read the following two posts but need some more clarifications

1. How to deal with arbitrary amount of redirect URIs?
2. Subdomain in Google Console Redirect URIs

Primarily I have one domain say www.abcxyz.com
I need to have the Google Auth mechanism work for number of subdomains say:
alpla.abcxyz.com
beta.abcxyz.com
and so on for dynamically created subdomains

Following is something I want to try:

1. I will have only 1 redirect URL in the client secret json file say google.abcxyz.com
2. When creating a redirect url I pass the name of the subdomain 'alpha' in the state parameter
3. Once auth code is sent from google to google.abcxyz.com my proxy code reads the state parameter and forwards the request to alpha.abcxyz.com. This domain will then exchange the auth code for access token and refresh token.

Will this kind of mechanism work or do I need to do something more?
Will access tokens work from the subdomain?
What happens when access token expires?

Answer 1

I initially thought that this issue will be a big hindrance in automating my system but looks like there is an easy fix for this.

1. The redirect url should contain the primary domain and should be present both in Google client secrets and Google API console.
2. Pass the subdomain name in the state.
3. In the Primary Domain Apache Config read the query string and redirect accordingly.(read this blog to learn how to do redirect's based on query string).