https://www.ory.sh/ logo
Join Slack
Powered by
:question: Custom OIDC Redirect URI Hi Ory Team, W...
# ory-network
a
ā“ Custom OIDC Redirect URI Hi Ory Team, We're implementing custom social providers (OIDC) with #C02MR4DEEGH and have an issue with the fixed redirect URI field in the setup:
Copy code
https://<slug>.<http://projects.oryapis.com/self-service/methods/oidc/callback/<providerId|projects.oryapis.com/self-service/methods/oidc/callback/<providerId>>
When attempting to replace it with our custom domain (
<https://auth>.<domain>.com/self-service/methods/oidc/callback/<providerId>
) the request obviously fails with 400: 
redirect_uri_mismatch
. Is it somehow possible to replace the redirect URI with the custom domain? There are multiple reasons why this is important for us: ā€¢ We are serving cautious B2B customers. Whitelisting arbitrary domains like 
<slug>.<http://projects.oryapis.com|projects.oryapis.com>
on their networks is a no-go for them when integrating our service. They want to have a clear list of subdomains which we control. ā€¢ Those B2B customers have to go through a setup process with us. Its weird we have to tell them they have to allow the redirect URI from oryapis.com in their OIDC setup. We'd rather have them allow a subdomain from us. ā€¢ Its confusing for the users; e.g. when going with Google OIDC, its written "Continue to oryapis.com" instead of our domain, which would be much clearer. Thank you šŸ™‚ cc: @mysterious-processor-51766
h
Yes, there are ways to do that, just keep in mind that if you change your CNAME domain you will need to update all social sign in methods. You can do this with:
Copy code
ory patch identity-config <project-id> \
  --add '/selfservice/methods/oidc/config/base_redirect_uri="<https://your-custom-domain/>'
@wonderful-lamp-2357 fyi
a
@high-optician-2097 thank you for your quick help, but the CLI gives me an error:
Copy code
value for /services/identity/config/selfservice/methods/oidc/config/base_redirect_uri must be valid JSON but got: <https://auth.domain.com/>
My command:
Copy code
ory patch identity-config project-slug-foobar --add '/selfservice/methods/oidc/config/base_redirect_uri="<https://auth.domain.com/>"'
m
Maybe this helps? Read first from https://www.ory.sh/docs/cli/ory-get-identity-config And then adjust it and update the full config? https://www.ory.sh/docs/cli/ory-update-identity-config
a
got it to work, thanks šŸ‘
5 Views
Open in Slack
PreviousNext
Powered by