0

Is it possible to use Google's OpenID API from an application that is being served in an intranet (accessed with a VPN but has access to the internet)?

I assume this isn't possible since Google doesn't have access to the application's origin, but I asked to make sure. (Using an external Identity Server would probably efficiently fix the issue but unfortunately, that's not a possibility)

When I tried to authorize the origin (https://console.cloud.google.com/apis/credentials/oauthclient/), I got the following error message:

Invalid Origin: must end with a public top-level domain (such as .com or .org).

Are there any possible workarounds or is this a dead cause?

Other Info: The application is using asp.net core (MVC).

G H Prakash
  • 1,720
  • 10
  • 30
nick zoum
  • 7,216
  • 7
  • 36
  • 80
  • 1
    Might check this thread: https://stackoverflow.com/questions/14238665/can-a-public-ip-address-be-used-as-google-oauth-redirect-uri I wouldn't use the workarounds though... some of them seem like they would cause security issues. Why not keep access controlled by the domain? – pcalkins May 11 '22 at 20:48
  • @pcalkins Thanks for the reference, I've already implemented it using windows auth, wanted to check if I could have both, so that the user/admin could have the option of choosing. – nick zoum May 12 '22 at 12:27

0 Answers0