具有通配符Oauth重定向URL的Facebook App [英] Facebook App with wildcard Oauth redirect URL

问题描述

我有一个正在使用的Facebook应用程序.我想在我应用的高级设置"标签中(在Facebook开发者网站中)指定一个带通配符的OAuth重定向URL.我的应用程序的每个用户都有一个自定义子域(例如foobar.example.com).我希望能够指定OAuth重定向URL，例如*.example.com.我知道对于其他平台(例如Twitter和LinkedIn)，可以通过将重定向URL设置为example.com来实现此目的，并且它将接受具有任何子域(包括www)的重定向URL.在应用程序的常规设置"选项卡中，我可以将URL从app.example.com更改为example.com.之后，我仍然可以从app.example.com进行身份验证，并且由于我在应用程序设置中将app.example.com/callback列入了白名单，因此我也被重定向回了app.example.com/callback.如果我尝试从另一个子域(例如foobar.example.com)进行身份验证，此后，我将被重定向回app.example.com/callback，这不是我想要的.我尝试将重定向URL更改为example.com，就像处理站点url一样，但是随后我将重定向到example.com/callback而不是app.example.com/callback.我也尝试过使用通配符，例如*.example.com/callback，但是Facebook不允许我在URL中使用通配符保存设置.

I have a Facebook app that I'm working on. In my app's advanced settings tab (in Facebook's developer site) I'd like to specify an OAuth redirect URL with a wildcard in it. Each user of my app has a custom subdomain (e.g. foobar.example.com). I want to be able to specify an OAuth redirect url such as *.example.com. I know for other platforms such as Twitter and LinkedIn, it's possible to achieve this by setting the redirect URL simply to example.com, and it will accept redirect URLs with any subdomain, including www. In my app's general settings tab I was able to change the url from app.example.com to example.com. After doing that, I can still authenticate from app.example.com and I am redirected back to app.example.com/callback because app.example.com/callback is whitelisted in my app settings. If I try to authenticate from another subdomain such as foobar.example.com, I'm redirected back to app.example.com/callback afterwards, which is not what I want. I tried changing my redirect URL to example.com, as I did with the site url, but then I am redirect to example.com/callback instead of app.example.com/callback. I've also tried using a wildcard such as *.example.com/callback, but Facebook wouldn't let me save the settings with a wildcard in the URL.

如何使重定向URL动态化，从而无需手动输入成百上千个列入白名单的URL?

How can I make my redirect URL dynamic so that I don't need to manually enter hundreds or even thousands of whitelisted URLs?

推荐答案

以下是通过4个简单步骤完成此操作的方法:

Here's how to accomplish this in 4 simple steps:

1. 为您的应用创建一个新的子域(例如auth.example.com).
2. 在您的Facebook应用的设置"标签中，您指定有效的OAuth重定向URI，将新的子域放入Oauth控制器的正确路径(例如 https://auth.example.com/auth/facebook/callback?user_id=123 ).
3. 当用户在您的服务器上点击该重定向URI时，请保存其访问令牌，然后将其重定向到您想要的任何位置(例如，返回到 https://foo.example.com ).

1. Create a new subdomain for your app (e.g. auth.example.com).
2. In the settings tab for your Facebook app where you specify the Valid OAuth Redirect URIs, put in your new subdomain with the right path to your Oauth controller (e.g. https://auth.example.com/auth/facebook/callback).
3. When the user wants to authorize your app, send them to Facebook as normal and specify your new redirect url with their user ID (or some other identifier) as a parameter (e.g. https://auth.example.com/auth/facebook/callback?user_id=123).
4. When the user hits that redirect URI on your server, save their access token and then redirect them to wherever you want (e.g. back to https://foo.example.com).

我的应用程序已成功使用此精确设置近两年了，我们每天为成千上万的用户提供服务.

My app has used this exact setup successfully for almost two years and we service thousands of users a day.

这篇关于具有通配符Oauth重定向URL的Facebook App的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！