32

I want to work in my localhost and my live domain, there is any way to insert more then one callback to github oauth settings? How we solve this problem?

Redirect URLs

Bazinga
  • 10,716
  • 6
  • 38
  • 63

4 Answers4

38

I solved this issue by creating a dedicated OAuth application on Github for my local development environment. So I have the following 2 OAuth applications:

  1. My official OAuth application for production

    • Client ID: ABC
    • Client Secret: 123
    • Authorization callback URL: https://example.com/api/v1/security/oauth/github/callback

  2. My private OAuth application for development

    • Client ID: XYZ
    • Client Secret: 456
    • Authorization callback URL: https://localhost/api/v1/security/oauth/github/callback

When I configure my API in local, I use the ID and secret of the development application (2). And in production I use the ID and secret of my official application (1).

Alexis.Rolland
  • 5,724
  • 6
  • 50
  • 77
  • 6
    This is the right way to go. Everything else is just a hack. Also, Github should provide a way to specify multiple callbacks though. – zookastos Aug 05 '21 at 07:09
16

The bad news is we can't insert more than one callback to GitHub OAuth setting.

Good news is that we can use multiple callback sub-url under our callback url, then you can redirect(proxy) it to any callback url that you want.

for example, if your callback url is: domain.com/auth/github/callback, then the following callback url are all valid:

  1. domain.com/auth/github/callback/sub-callback-1
  2. domain.com/auth/github/callback/sub-callback-2
  3. domain.com/auth/github/callback/sub-callback-3

etc.

After redirect to sub-callback-N with all parameters, then we could jump to any other callback url as you expected.

Huan
  • 2,876
  • 3
  • 30
  • 49
  • 8
    My problem is I would like one authorized callback URL to work locally `https://localhost/auth/github/callback` and one to be used in production `https://example.net/auth/github/callback`. Can this be achieved with what you describe above? – Alexis.Rolland Dec 09 '18 at 11:50
  • 2
    I think so. I believe you can set up a `https://example.net/auth/github/callback-localhost` and then let your server redirect it to `localhost` to archive that. – Huan Dec 12 '18 at 15:43
  • Putting some more thoughts into it, I don't think this is a good solution because if I configured my OAuth app for production with `https://example.net/auth/github/callback` it means I have to change the configuration of my web server in production to redirect to `https://localhost/auth/github/callback`. Right? I have proposed another solution below. What do you think? – Alexis.Rolland Dec 13 '18 at 14:10
2

Instead of using localhost, you can modify your hosts file and point your domain to use 127.0.0.1. On a Mac, open the hosts file located under:

Computer > Macintosh HD > etc

Add the entry for your domain. For example if your domain is mycoolapp.com

127.0.0.1 mycoolapp.com

Just make sure to comment out this line when you want to test using your production server:

#127.0.0.1 mycoolapp.com

Using this solution, you don't need to maintain two separate configurations.

Johann
  • 27,536
  • 39
  • 165
  • 279
1

According their doc, you don't need to register localhost redirect URLs, but it just accepts URLs even if it doesn't match the registered one as long as its host part is localhost.

tnzk
  • 51
  • 7