
Google OAuth for a Meteor web app accessible using multiple domain names (brandi...

 4 months ago
source link: https://gist.github.com/willhzm/f4a0517f5cdc8ca80ded09283034bbb1

Multi-domain Meteor app instance and Google OAuth

Overview

Changes to Meteor packages (OAuth & Google) to support a Meteor web app deployed under multiple domains (for branding purposes, for example).

Only changes to the Google and core OAuth packages are included here. Other OAuth packages, such as Facebook, can be amended in a similar way.

The solution does not include sharing the login state across the domains. If that's what you need, there's another suggested solution for that on the net.

Note: The files attached don't include complete source code from the packages but only changed functions.

Scenario

The web application is deployed with multiple CNAME records pointing to the same instance (main.example.com, brand2.example.com). The application is started with ROOT_URL=https://main.example.com. Both domain names are registered as authorised origins and redirect URIs in Google API manager.

Assumption

Custom client code for Meteor.startup overrides the Meteor.absoluteUrl.defaultOptions.rootUrl as required (example attached).

Problem

When the server side prepares the HTTP POST request to exchange the authorization code for an access token, the value of the redirect_uri parameter depends on the current ROOT_URL (which is the same for connections via different domain names). This results in a mismatch between the redirect_uri sent in the authorization code request and the one sent in the token request.

Solution

Pass the rootUrl used with the authorization code request from the client to the server side inside the state parameter, and use it to override rootUrl when building the redirect_uri for the access token request.
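
A minimal sketch of the approach above, added here and not taken from the gist or from Meteor's packages: the client puts its rootUrl into state, and the server uses it for redirect_uri only when it matches one of the registered domains, since the value arrives from the client. The helper names, the allowlist and the /_oauth/<service> callback path are assumptions for illustration.

```javascript
// Added example: ALLOWED_ROOT_URLS, encodeState and redirectUriFromState are
// hypothetical names, not part of Meteor's OAuth API.

// The domains from the scenario, i.e. the ones registered with Google.
const ALLOWED_ROOT_URLS = new Set([
  'https://main.example.com',
  'https://brand2.example.com',
]);
const DEFAULT_ROOT_URL = 'https://main.example.com'; // ROOT_URL from the scenario

// Client side: carry the rootUrl used for the authorization code request in
// the state parameter (Buffer is used so the sketch runs under Node).
function encodeState(credentialToken, rootUrl) {
  const payload = JSON.stringify({ credentialToken, rootUrl });
  return Buffer.from(payload, 'utf8').toString('base64');
}

// Server side: recover rootUrl from state, accept it only if its origin is a
// registered domain, then build the redirect_uri for the token request.
function redirectUriFromState(state, serviceName) {
  let rootUrl = DEFAULT_ROOT_URL;
  try {
    const parsed = JSON.parse(Buffer.from(state, 'base64').toString('utf8'));
    // Comparing origins ignores any path, query or userinfo in the value.
    const origin = new URL(parsed.rootUrl).origin;
    if (ALLOWED_ROOT_URLS.has(origin)) {
      rootUrl = origin;
    }
  } catch (err) {
    // Malformed state or URL: keep the default ROOT_URL.
  }
  return `${rootUrl}/_oauth/${serviceName}`;
}

// Constructed sample: a login started on the second brand domain.
const sampleState = encodeState('constructed-token', 'https://brand2.example.com');
console.log(redirectUriFromState(sampleState, 'google'));
```
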

