google oauth - How to deal with arbitrary amount of redirect URIs?

Question

I'm developing an application where the users have their own URLs, and they need to use Google API - of course with different redirect URIs, like

• www.example.com/johndoe/google/login
• www.example.com/foobar/google/login

So first I thought I could simply solve this problem by using wildcards (www.example.com/*/google/login), but it unfortunately doesn't work that way. Then I started to code a simple proxy in Perl, but I'm not sure it would work and we're running out of time. What is the best way to deal with the situation? I thought about adding a new redirect URI to the console from the registration handler, but I didn't find any way the server could do this.

Answer 1

Wildcards are not supported in Google OAuth2 redirect URIs. I think your best best is to use a single redirect URI, and pass in the user information in the state parameter. The state parameter is returned to you in response. Then, when you receive the authorization code/tokens, you can lookup the state parameter and handle the response appropriately (e.g., redirect to your user-specific URLs).

This answer has more information.