4

My web application needs access to users Google data. I decided to use OAuth2. Problem is that Google does not accept my redirect_uri. It is the local IP address of my server on the intranet.

In the past I have used OpenID, which accepted the local redirect_uri. How to overcome this problem with OAuth2?

The only solution I found so far, is to use redirect_uri=urn:ietf:wg:oauth:2.0:oob but this requires the user to copy an paste the access token. Is there a better solution?

Witek
  • 6,160
  • 7
  • 43
  • 63

1 Answers1

2

Since apparently your users will always be on the intranet, you could use any FQDN that resolves to the local IP address either through a hosts file on the users' machine or the local DNS server.

Hans Z.
  • 50,496
  • 12
  • 102
  • 115
  • 1
    local hosts file or local DNS server does not help. Google requires for OAuth2 to provide a redirect_uri via developer console. But I have no valid IP for it, since there is no public URI for my web application which runs in intranet only. – Witek Feb 15 '15 at 14:24
  • 2
    sure it does: just add something like `localhost.yourdomain.com` which resolves to your private IP address; Google will not try to resolve that address, only your clients (users's browsers) will. – Hans Z. Feb 15 '15 at 14:29
  • 2
    Hans is correct. It is a common OAuth misunderstanding that Google will try to call the redirect URL, but in fact it sends an http redirect so as long as the URL makes sense to the browser – pinoyyid Feb 17 '15 at 16:46