jbroadway / saasy

Elefant app that provides the glue for building custom SaaS services with Bootstrap theme support.
http://www.elefantcms.com/

social logins #24

Open jonphipps opened 11 years ago

jonphipps commented 11 years ago

In trying to implement social logins, specifically GitHub, I need to register a callback URL. This registered callback URL specifically needs to have the same domain as the redirect URL, so a call from foo.myapp.com/user/login/github?redirect=/mypage must be able to handle a response to and from www.myapp.com or some other global subdomain, and ultimately result in the user being logged in and redirected to foo.myapp.com/mypage.

What's the best way to implement this? Initially the customer is known based on the subdomain, but this is lost in the normal session-state because the domain switching loses the session. We can do a fresh customer lookup after successful login and rebuild the redirect URL, but I just want to make sure that's the best thing to do, especially since this won't work if a user can be a member of multiple customers.

jbroadway commented 11 years ago

You mean that a redirect from foo.myapp.com needs to end up on www.myapp.com because that's what the callback URL would be set to globally? For that, I would probably just pass an extra ?account=foo parameter and use that to reconstruct the info to redirect back to foo.myapp.com.

Another option might be to set session_domain = top in conf/config.php so the cookies are set to .myapp.com and should be maintained across subdomains, in which case you could set a session variable before redirecting and read that to know where to redirect to.
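The account-parameter approach from the reply above, written out as an added example that is not part of the original thread and is not Elefant or saasy code. It carries the account and redirect path in the OAuth `state` value, signs them so they cannot be altered in transit, and validates both on the www.myapp.com callback before rebuilding the URL. The function names, the secret, the `https` scheme and the `$user_accounts` list (the customers the logged-in user belongs to) are assumptions.

```php
<?php
// Added example; not Elefant or saasy code. All names below are hypothetical.
const BASE_DOMAIN = 'myapp.com';                    // domain used in the thread
const STATE_KEY   = 'PLACEHOLDER-load-from-config'; // server-side secret (placeholder)
const STATE_TTL   = 600;                            // seconds a state value stays valid

// Runs on foo.myapp.com before redirecting to the provider.
function build_state(string $account, string $redirect, int $now): string {
    $payload = base64_encode(json_encode(['a' => $account, 'r' => $redirect, 't' => $now]));
    return $payload . '.' . hash_hmac('sha256', $payload, STATE_KEY);
}

// Accept only same-site paths: one leading slash, no backslash, no whitespace
// or control bytes (rejects //host and /\host style off-site targets).
function is_local_path(string $p): bool {
    return $p !== '' && $p[0] === '/' && substr($p, 0, 2) !== '//'
        && strpos($p, '\\') === false && !preg_match('/[\x00-\x20]/', $p);
}

// Runs on the www.myapp.com callback after the login succeeded.
// Returns the URL to redirect to, or null so the caller uses a default page.
function resolve_redirect(string $state, array $user_accounts, int $now): ?string {
    $parts = explode('.', $state, 2);
    if (count($parts) !== 2) return null;
    [$payload, $mac] = $parts;
    // Constant-time comparison of the expected and received signatures.
    if (!hash_equals(hash_hmac('sha256', $payload, STATE_KEY), $mac)) return null;
    $d = json_decode((string) base64_decode($payload, true), true);
    if (!is_array($d) || !isset($d['a'], $d['r'], $d['t'])) return null;
    if (!is_string($d['a']) || !is_string($d['r']) || !is_int($d['t'])) return null;
    if ($now - $d['t'] > STATE_TTL) return null;
    // The account must be a single DNS label and one the user belongs to,
    // which also covers users who are members of several customers.
    if (!preg_match('/^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\z/', $d['a'])) return null;
    if (!in_array($d['a'], $user_accounts, true)) return null;
    if (!is_local_path($d['r'])) return null;
    return 'https://' . $d['a'] . '.' . BASE_DOMAIN . $d['r'];
}

// Constructed sample values, using the names from the thread.
$now   = time();
$state = build_state('foo', '/mypage', $now);
var_dump(resolve_redirect($state, ['foo', 'bar'], $now));      // member of foo
var_dump(resolve_redirect($state, ['bar'], $now));             // not a member of foo
var_dump(resolve_redirect($state . 'x', ['foo'], $now));       // altered signature
var_dump(resolve_redirect(build_state('foo', '//other.example/', $now), ['foo'], $now));
```

The signature only shows that the value was issued by the app and not altered; it is not tied to a browser session, so the membership check after login is what decides whether the user may land on that subdomain.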