nhost / hasura-auth

Authentication for Hasura.
https://nhost.io
MIT License

cannot authenticate with google when using multiple domains #426

Closed dbarrosop closed 9 months ago

dbarrosop commented 9 months ago

Users with multiple domains are having issues when using oauth providers. The issue is as follows:

  1. A user may have domainA and domainB pointing to hasura-auth
  2. domainA is configured as AUTH_SERVER_URL
  3. The callback URL is configured to point to domainA in the OAuth provider
  4. Both domainA and domainB are allowed on the OAuth provider

Now, if a user attempts to initiate a login with the OAuth provider using domainA, everything works fine; however, if they use domainB, the last step, when auth tries to exchange the authorization code for an access token, fails.

This behavior is confirmed at least with Google (using openid scope) and probably Apple.

This is problematic as some apps may need to support both domains for a transitional period of time while their users upgrade their mobile apps.

A potential solution would be to look at the host header and construct the callback url dynamically from it instead of relying on the AUTH_SERVER_URL.
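The approach proposed above, deriving the callback URL from the Host header, works only if the host is validated: the header is attacker-controlled, and reflecting it unchecked into `redirect_uri` would let a request steer the callback to an arbitrary origin. The following is an added example (not hasura-auth's own code) that restricts the host to an allowlist, falls back to AUTH_SERVER_URL otherwise, and records the exact `redirect_uri` used when the flow starts so the code exchange reuses it rather than recomputing it (RFC 6749 section 4.1.3 requires the two values to match). The hostnames, callback path, client id and the in-memory flow store are assumptions standing in for real configuration and session storage.

```typescript
// Added example, not hasura-auth's own code. Builds the OAuth redirect_uri
// from the request Host header, restricted to an explicit allowlist, and
// keeps the value used at the authorization step for the code exchange.

// Hostnames (host[:port]) allowed to serve the auth callback. Assumed values.
const ALLOWED_HOSTS: ReadonlySet<string> = new Set([
  "auth.domain-a.example",
  "auth.domain-b.example",
]);

// Stand-in for AUTH_SERVER_URL: used when Host is missing or not allowed.
const AUTH_SERVER_URL = "https://auth.domain-a.example";

// Callback path, provider endpoint and client id are assumed placeholders,
// not hasura-auth's real routes or configuration.
const CALLBACK_PATH = "/signin/provider/google/callback";
const GOOGLE_AUTHORIZE_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth";
const CLIENT_ID = "example-client-id";

interface RequestLike {
  headers: Record<string, string | undefined>;
}

// Resolve the callback origin from the Host header. The header is untrusted:
// anything not on the allowlist falls back to AUTH_SERVER_URL instead of being
// reflected into redirect_uri. The scheme is fixed to https; X-Forwarded-*
// headers are deliberately ignored, so a fronting proxy must rewrite Host.
function resolveOrigin(req: RequestLike): string {
  const host = (req.headers["host"] ?? "").trim().toLowerCase();
  if (host === "" || !ALLOWED_HOSTS.has(host)) {
    return AUTH_SERVER_URL;
  }
  return `https://${host}`;
}

function callbackUrlFor(req: RequestLike): string {
  // new URL() also rejects a host that cannot form a valid origin.
  return new URL(CALLBACK_PATH, resolveOrigin(req)).toString();
}

// state -> redirect_uri chosen when the flow started. Stand-in for the
// session or cookie store a real server would use.
const pendingFlows = new Map<string, string>();

// Step 1: build the provider's authorization URL for a request arriving on
// whichever allowed domain the user happens to be using.
function beginAuthorization(req: RequestLike, state: string): string {
  const redirectUri = callbackUrlFor(req);
  pendingFlows.set(state, redirectUri);
  const url = new URL(GOOGLE_AUTHORIZE_ENDPOINT);
  url.searchParams.set("client_id", CLIENT_ID);
  url.searchParams.set("response_type", "code");
  url.searchParams.set("scope", "openid email profile");
  url.searchParams.set("redirect_uri", redirectUri);
  url.searchParams.set("state", state);
  return url.toString();
}

// Step 2: build the token request body. redirect_uri comes from the stored
// flow, not from the current Host header, so it always equals the value the
// provider saw in step 1. An unknown or already used state yields null.
function completeAuthorization(state: string, code: string): URLSearchParams | null {
  const redirectUri = pendingFlows.get(state);
  if (redirectUri === undefined) {
    return null;
  }
  pendingFlows.delete(state); // single use
  return new URLSearchParams({
    grant_type: "authorization_code",
    code,
    client_id: CLIENT_ID,
    redirect_uri: redirectUri,
  });
}
```

Both `https://auth.domain-a.example/...` and `https://auth.domain-b.example/...` must be registered as authorized redirect URIs at the provider (step 4 of the report); the allowlist here mirrors that registration on the server side so an unregistered host can never reach the provider in the first place.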

dbarrosop commented 9 months ago

Fixed