Private redirect URLs for OAuth2 fail validation #101

Open
scottatron opened this issue Mar 23, 2023 · 3 comments

Comments

@scottatron

I'm trying to start work on an app for my own purposes and want to use OAuth2. I'm also wanting to keep this within my private network.

Unfortunately I can't seem to add any redirect URLs to my app registration that are not 'localhost' or publicly routable addresses.

I'm currently using a dev server within my network to work on the app, so I'm expecting to access it from another client system in the network, which makes using 'localhost' addresses difficult.

Is there any way I can register private redirect URLs that pass the validation when updating my app registration?

@sanmai
Member

sanmai commented Mar 23, 2023

May we ask you to share some examples of private redirect URLs?

@scottatron
Author

No problem...

I'm currently trying out Acorn, and when deploying an app, it creates a publicly resolvable DNS record for your application, but the actual record points to an IP address that is on my internal network (e.g. 192.168.88.0/24) so I can resolve the address and follow the redirects, but it cannot actually be reached from outside the network.

I've also tried using Tailscale hostnames for redirect URLs, as I use it within my network, but I'm guessing that the app registration page does some sort of connection check to validate the redirect URLs and cannot connect to the hostname.

I should also mention that I did manage to get a setup partially working using 'http://localhost:3000', however it seems that the redirect after getting the authorisation code doesn't include the port number, so I just get redirected to http://localhost/.... instead.

@scottatron
Author

scottatron commented Mar 28, 2023

I've done a little more tinkering to see if I can get this working and it appears that the address that the callback resolves to is not what's important—it seems to be failing on particular domains...

If I create a subdomain on a .com domain that I own, the app registration page happily accepts that, even if the DNS record doesn't actually exist.

If I create a subdomain on a .io domain that I own, this fails as before and the specific error on the field says "The url's domain is not valid".

Acorn, which I mentioned above, creates DNS records which end in alpha.on-acorn.io, so they're failing in the same way. Tailscale's hostnames are <host>.<tailnet name>.ts.net and these are also failing with the same 'domain is not valid' error.

I haven't tried any other TLDs at this stage, but it seems to be a problem with the domain name validation more than anything.
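An added illustration, not part of the thread and not this project's code: one way a registration form could validate redirect URIs from syntax alone (no TLD list, no DNS or connectivity check) and build the callback so an explicit port survives. The function names, the http-for-loopback-only policy and the sample URIs are assumptions made for this sketch.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# One DNS label: 1-63 letters, digits or hyphens, no leading/trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")
_LOOPBACK = {"localhost", "127.0.0.1", "::1"}


def validate_redirect_uri(uri):
    """Return (ok, reason) from syntax alone: no DNS lookup, no TLD list."""
    try:
        parts = urlsplit(uri)
        parts.port  # accessing .port raises ValueError on a malformed port
    except ValueError:
        return False, "malformed URL"
    host = parts.hostname or ""
    if parts.scheme not in ("http", "https"):
        return False, "scheme must be http or https"
    if parts.username is not None or parts.password is not None:
        return False, "userinfo not allowed"
    if "#" in uri:
        return False, "fragment not allowed"
    if not host:
        return False, "missing host"
    if host in _LOOPBACK:
        return True, "ok"
    # Assumed policy for this sketch: plain http is accepted for loopback only.
    if parts.scheme == "http":
        return False, "plain http only for loopback"
    labels = host.rstrip(".").split(".")
    if len(host) > 253 or len(labels) < 2 or not all(map(_LABEL.match, labels)):
        return False, "host is not a syntactically valid domain"
    return True, "ok"


def build_callback(registered, code, state):
    """Append code and state to the registered URI, keeping host:port as is."""
    parts = urlsplit(registered)
    query = parse_qsl(parts.query, keep_blank_values=True)
    query += [("code", code), ("state", state)]
    return urlunsplit((parts.scheme, parts.netloc, parts.path, urlencode(query), ""))


if __name__ == "__main__":
    # Constructed sample URIs modelled on the hostname shapes in the thread.
    for sample in ("https://myapp.alpha.on-acorn.io/callback",
                   "https://devbox.example-tailnet.ts.net/callback",
                   "http://localhost:3000/callback",
                   "https://user@dev.example.io/callback"):
        print(sample, validate_redirect_uri(sample))
    print(build_callback("http://localhost:3000/callback", "abc", "xyz"))
```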
