3

I am using the Google auth but keep getting an origin mismatch. The project I am working on has subdomains that are generated by the user. So for example there can be:

john.example.com
henry.example.com
larry.example.com

In my app settings I have one of my origins being http://*.example.com but I get an origin mismatch. Is there a way to solve this? Btw my code looks like this:

    gapi.auth.authorize({
        client_id: 'xxxxx.apps.googleusercontent.com',
        scope: [
            'https://www.googleapis.com/auth/plus.me',
            'https://www.googleapis.com/auth/userinfo.email',
            'https://www.googleapis.com/auth/userinfo.profile'
        ],
        // state is its own option, not an entry in the scope array
        state: 'http://henry.example.com',
        immediate: false
    }, function(result) {
        if (result != null) {
            // Load the OAuth2 v2 API, then fetch the signed-in user's profile
            gapi.client.load('oauth2', 'v2', function() {
                console.log(gapi.client);
                gapi.client.oauth2.userinfo.get().execute(function(resp) {
                    console.log(resp);
                });
            });
        }
    });

Devin Dixon
  • According to http://stackoverflow.com/questions/13652062/subdomain-in-google-console-redirect-uris, wildcard domains are not supported as redirect URLs – pinoyyid Sep 11 '13 at 17:28
  • And the answer was to use the state, but I tried that to no avail, unless it's implemented wrong. – Devin Dixon Sep 11 '13 at 17:31
  • 1
    If you haven't figured this out, in Google set your callback URL to something like auth.example.com, have apache / nginx redirect (from the state param) to the URL. – LukePOLO Feb 23 '15 at 20:31

2 Answers

4

Hooray for useful yet unnecessary workarounds (thanks for complicating yourself into a corner Google)....

I was using Google Drive using the JavaScript API to open up the file picker, retrieve the file info/URL and then download it using curl to my server. Once I finally realized that all my wildcard domains would have to be registered, I about had a stroke.

What I do now is the following (this is my use case, cater it to yours as you need to):

  1. On the page that you are on, create an onclick event to open up a new window in a specific domain (https://googledrive.example.com/oauth/index.php?unique_token={some unique token}).

  2. On the new popup I did all my Google Drive authentication, had a button to click which opened the file picker, then retrieved at least the metadata that I needed from the file. Then I stored the token (primary key), access_token, downloadurl and filename in my database (MySQL).

  3. Back on step one's page, I created a setTimeout() loop that would run an ajax call every second with that same unique_token to check when it had been entered in the database. Once it finds it, I kill the loop and then retrieve the contents and do with them as I will (in this case I uploaded them through a separate upload script that uses curl to fetch the file).

This is obviously not the best method for handling this, but it's better than entering each and every subdomain into Google's cloud console. I bet you can probably do this with the server-side OAuth libraries Google provides, but my use case was a little complicated and I was cranky because I was frustrated at the past 4 days I've spent on a silly little integration with Google.

n0nag0n
0

Wildcard origins are not supported, same for redirect URIs.

The fact that you can register a wildcard origin is a bug.

You can use the state parameter, but be very careful with that, make sure you don't create an open redirector (an endpoint that can redirect to any arbitrary URL).

mariuss
  • How do I use the state parameter? In my example above I have " state: 'http://henry.example.com' ", but the parameter does not seem to be used. – Devin Dixon Sep 17 '13 at 12:28
  • The state param does not work like that, it's meant to verify what you sent – LukePOLO Feb 23 '15 at 20:30
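
Added example, not part of the original question or answers: one way to combine a single registered callback host (such as the auth.example.com suggested in the comments) with the state parameter without creating an open redirector. It is Node.js code for the server behind that callback host; the function names, the signing key and the per-session nonce are assumptions made for illustration.

```javascript
// Added example (not from the thread). All names and values are assumptions.
const nodeCrypto = require('node:crypto');

const BASE_DOMAIN = 'example.com';         // tenant subdomains live under this domain
const STATE_KEY = 'constructed-demo-key';  // placeholder; load a real key from a secret store
const LABEL = /^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/; // exactly one DNS label, no dots

function sign(payload) {
  return nodeCrypto.createHmac('sha256', STATE_KEY).update(payload).digest('base64url');
}

// Run on the tenant page before sending the user to Google.
// sessionNonce is a random string kept in the user's server-side session.
function makeState(tenant, sessionNonce) {
  if (!LABEL.test(tenant)) throw new Error('invalid tenant label');
  const json = JSON.stringify({ t: tenant, n: sessionNonce });
  const payload = Buffer.from(json).toString('base64url');
  return payload + '.' + sign(payload);
}

// Run on the fixed callback host. Returns the URL to redirect to, or null.
function resolveReturnUrl(state, sessionNonce) {
  const parts = String(state).split('.');
  if (parts.length !== 2) return null;
  const [payload, mac] = parts;
  const expected = Buffer.from(sign(payload));
  const given = Buffer.from(mac);
  // Constant-time comparison of the HMAC; lengths must match first.
  if (given.length !== expected.length) return null;
  if (!nodeCrypto.timingSafeEqual(given, expected)) return null;
  let data;
  try {
    data = JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));
  } catch {
    return null;
  }
  if (!data || typeof sessionNonce !== 'string' || data.n !== sessionNonce) return null;
  if (typeof data.t !== 'string' || !LABEL.test(data.t)) return null;
  // The target is rebuilt from a validated label, never copied from the request.
  return `https://${data.t}.${BASE_DOMAIN}/`;
}
```

Because the state carries only a subdomain label and the callback rebuilds the URL itself, a raw URL passed as state, a state replayed in another session, or a signed value containing dots or other URL syntax all resolve to `null`.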