Google OAuth for a Meteor web app accessible using multiple domain names (brandi...
source link: https://gist.github.com/willhzm/f4a0517f5cdc8ca80ded09283034bbb1
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Multi-domain Meteor app instance and Google OAuth
Overview
Changes to Meteor packages (OAuth & Google) to support Meteor web app deployed under multiple domains (for branding purpose, for example).
Only changes to Google and the core OAuth packages are included here. Other OAuth packages, such as Facebook can be amended in a similar way.
The solution does not include sharing the login state across the domains. If that's what you need, there's another suggested solution for that on the net.
Note: The files attached don't include complete source code from the packages but only changed functions.
Scenario
The web application is deployed with multiple CNAME records pointing to the same instance - main.example.com
, brand2.example.com
. The application is starting with ROOT_URL=https://main.example.com
. Both domain names are registered as authorised origins and redirect URIs in Google API manager.
Assumption
Custom client code for Meteor.startup
overrides the Meteor.absoluteUrl.defaultOptions.rootUrl
as required (example attached).
Problem
When the server side prepaires HTTP POST request to exchange authorization code to an access token, the value of redirect_uri
parameter depends on the current ROOT_URL
(same for connections via different domain names). This results in mismatch of the redirect_uri
during the the authorization code request and the token request.
Solution
Pass the rootUrl
used with the authorization code request from the client to server side inside the state parameter and use it to override rootUrl
while building a redirect_uri
for the access token request.
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK