I'm developing a website using ASP.NET identity that will work with subdomains that identify a client using some information from here. I've got subdomains working locally, but I can't get it to work with OAuth.
For example, if I go to https://localhost:44301 and try to log in with Google, everything is fine. In my Google console I have https://localhost:44301 under "Authorized JavaScript origins" and https://localhost:44301/signin-google under "Authorized redirect URIs". But when I go to https://foo.localhost:44301 Google will respond with:
Error: invalid_request
Invalid parameter value for redirect_uri: Non-public domains not allowed: https://foo.localhost:44301/signin-google
when you try to log in. I can add https://foo.localhost:44301 to "Authorized JavaScript origins" in the Google console, but it won't let me add https://foo.localhost:44301/signin-google under authorized redirect URIs because it will complain:
Invalid Redirect: https://foo.localhost:44301/signin-google must end with a public top-level domain (such as .com or .org)
Some other questions and answers suggest redirecting all subdomains to a single domain for OAuth, but ideally I want to keep logins per subdomain. So if you use Google to sign in to foo.mydomain.com it will be separate from bar.mydomain.com and I don't think that'll work if I have to redirect both to the same single domain (although I'm not sure that's going to work without separate projects in Google).
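
With the single-domain redirect mentioned in the question, the shared callback can still tell which subdomain started the login if the tenant name travels in an integrity-protected OAuth state value. The following is an added example, not code from the original post or from ASP.NET Identity; the TenantState helper, its tenant allowlist and the demo key are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper: binds the originating tenant subdomain to the OAuth "state" value.
public static class TenantState
{
    // Assumption: tenants are known in advance ("foo" and "bar" are the names used in the question).
    static readonly HashSet<string> Tenants =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "foo", "bar" };

    // Builds "tenant.nonce.mac"; URL-encode it before placing it in the authorization request.
    public static string Protect(string tenant, byte[] key)
    {
        if (!Tenants.Contains(tenant)) throw new ArgumentException("unknown tenant");
        var nonce = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(nonce);
        string body = tenant.ToLowerInvariant() + "." + Convert.ToBase64String(nonce);
        return body + "." + Convert.ToBase64String(Mac(body, key));
    }

    // Returns the tenant if the state is authentic and names a known tenant, otherwise null.
    public static string Unprotect(string state, byte[] key)
    {
        var parts = (state ?? "").Split('.');
        if (parts.Length != 3) return null;
        byte[] given;
        try { given = Convert.FromBase64String(parts[2]); }
        catch (FormatException) { return null; }
        byte[] expected = Mac(parts[0] + "." + parts[1], key);
        int diff = given.Length ^ expected.Length;          // constant-time comparison
        for (int i = 0; i < given.Length && i < expected.Length; i++) diff |= given[i] ^ expected[i];
        return (diff == 0 && Tenants.Contains(parts[0])) ? parts[0] : null;
    }

    static byte[] Mac(string body, byte[] key)
    {
        using (var h = new HMACSHA256(key)) return h.ComputeHash(Encoding.UTF8.GetBytes(body));
    }

    public static void Main()
    {
        var key = new byte[32];                             // constructed demo key
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(key);
        string state = Protect("foo", key);
        Console.WriteLine(Unprotect(state, key) ?? "rejected");                     // foo
        Console.WriteLine(Unprotect("bar" + state.Substring(3), key) ?? "rejected"); // rejected
    }
}
```

The callback should send the user back only to a host built from the returned tenant name, never to a URL taken from the request, and the nonce should additionally be tied to the user's session for CSRF protection.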