
I am building a web application that development teams can install and use inside their companies. I am exploring the possibility of adding SSO support with GitHub since it is very convenient for developers.

In the GitHub API, Auth0, Google etc. you need to specify Callback URLs.

The problem is that since everybody can deploy an instance of my application, they can host it under any valid domain or just use a local IP address. So the Callback URLs cannot be predefined.

One option is to instruct people to deploy the app under certain local domains/subdomains. However, I don't think this is a good solution.

Do you know any other options that might solve my problem?

Is SSO only suitable for apps that run under global (already known) domains?

jahnestacado
  • If you are building the app, you can build a generic OAuth or SAML integration. So your customer can configure your app to integrate with their authentication/authorisation mechanism... what I'm saying sounds obvious to me, so I have the feeling I'm missing something. – Augusto Jun 07 '17 at 18:17
  • @Augusto Most of the OAuth providers (if not all) require an authorization callback URL. If an application is accessible through the internet, which means that it is already hosted under a known domain, then there is no problem. In my case I am building an open source SPA which can be installed anywhere. Maybe it will be accessible through arandomurl.com or under localhost:5555. Moreover I don't want to force people to deploy the app under a certain subdomain (some providers allow subdomain matching for the callback URL). So how do you build a generic OAuth integration for an unknown callback URL? – jahnestacado Jun 08 '17 at 13:21

0 Answers