Hello everybody, I think I need some help with Social Sign-In with Google: Initial configuration is simple (both on ORY and on Google), but it the Redirect URI gives me headaches. It looks like this: https://<slug>.projects.oryapis.com/self-service/methods/oidc/callback/google The redirect URIs for Microsoft and Apple look similar, but these two services do not want to validate the domain ... But Google does! So when I configure the Consent Screen in Google they expect me to claim domain ownership for projects.oryapis.com or even oryapis.com , which I cannot do. I have a custom domain, but the Redirect URI is always https://<slug>.projects.oryapis.com/... What am I missing? Thank you for your help and your support!

What error are you encountering?

sorry, i was still editing the original post

I think you can set the redirect URI to your custom domain instead of oryapis.com. @bland-eye-99092 @proud-plumber-24205 can either of you confirm? thanks!

How would I do that?

Can you set https://<your-custom-domain>/self-service/methods/oidc/callback/google as the redirect_uri on the google side?

I can (and I have), but that is the easy part. When I go to https://my.custom.domain/ui/welcome and click Sign In I am presented the login dialog. When I click on "Sign in with Google", I cannot change the redirect url. Where do I configure that redirect url? It is grayed out in the UI.

Hi @curved-wolf-66275 Simply replace the <slug>.projects.oryapis.com -> my.custom.domain in the URL on the google settings page since google will be doing the redirect and not Ory. Also look at https://www.ory.sh/docs/concepts/redirects for navigating the user after a flow has been completed (e.g. after successful sign in i want the user at https://dashboard.com

I am afraid that is not true: we configure a list on Google with the allow redirect URIs, but the URI we want to redirect to is passed by ORY

ah okay, i see now; i'm trying this on a production project that has google sign-in working, and they also have the oryapis URL as redirect_uri, so I'm a little confused

This is what they sent me:

Yes, this is correct, the Authorized redirect URIs should only point to your custom domain + /callback/ (the domain you added to your Ory project). Are you initializing the request from your custom domain? or from the Ory slug url?

Please see above for a screenshot of the credentials page. If I enter

https://<slug>.<http://projects.oryapis.com/self-service/methods/oidc/callback/google|projects.oryapis.com/self-service/methods/oidc/callback/google>

as Authorised redirect URI they want me to have

<http://oryapis.com|oryapis.com>

on the content screen as well.

So in the Google Credentials setup screen, please only add your custom domain +

/self-service/methods/oidc/callback/google

since this should be the only allowed redirect URI. Ory automatically handles the

https://<slug>.<http://projects.oryapis.com|projects.oryapis.com>

to custom domain

<https://my-custom-domain.com>

through 307 redirects, so it should work correctly. Navigate to the Account Experience https://my-custom-domain.com/ui/login and try the OIDC flow. The URL to google should contain the

redirect_uri=<https://my-custom-domain.com>

For the consent screens, continue using your custom domain.

That is the problem: The URL that is sent to Google still points to https://<slug>... -> not to my custom domain.

I see, could you send me in a DM a google chrome har file so I could see the requests? follow the steps: 1. Navigate to account experience <custom-domain>/ui/login 2. Click sign in with google 3. Follow the process until it errors

Sure!, see DM

I checked it and it definitely isn't behaving correctly. I'll need to take a look at it

Thank you!