# ory-network
f
Hey there, we are using Ory Network with Google social sign in enabled. The Google auth screen does show oryapis.com as redirect domain. Is there a way to change it to our custom domain?
f
what did you set for the Redirect URI (Console: "Use this value during your OAuth2 client registration on Google's side. It's where the user will be redirected after authentication is successful.")
you may need to change that from your oryapis.com domain to your custom domain
f
There is this text field “Redirect URI”, but it’s disabled and holds the Ory project url. When I change the redirect url at Google with a modified url (replace the ory project url with our custom domain) it isn’t working anymore. Seems that these 2 values for “Redirect URL” must be the same at Ory and Google.
Let me post a screenshot of the Ory UI to be more clear which “Field”
f
@steep-lamp-91158 do you know what's going on there?
s
yes, that has to be our domain right now AFAIK @high-optician-2097 might know if you can change that
h
Oh, is there no way to customize this on the Google end?
We have set it to oryapis.com so that if you change your custom domain, you don’t need to reconfigure all the oauth2 clients
f
Ok, I have tried that but the login process did not work after changing the settings at Google. Let me retry and post the error message.
This is what I get
For me it seems I should be able to change the Redirect URI value at Ory console… but it is read-only
h
Ok, you can overwrite it manually but it’s not really recommended. My question was if you can change the consent screen of google, there’s a couple of options, maybe you can properly add your brand there?
Sorry, this is the first time we noticed this. But we’ll get it resolved!
For us it’s configured like this:
f
unfortunately we already have a similar configuration and there was nothing to improve. thanks so far, I guess we would need the ability to customize the redirect URI to see another domain name at the auth screen. As an idea you could make an option in the UI to choose between ory project or custom domains.
h
Ok, that is definitely possible using the Ory CLI. Basically what you have to do is to change the selfservice.methods.oidc.config.base_redirect_uri value. You should add your custom domain there, so e.g. https://auth.example.org. I don’t think trailing slashes matter here, but let’s omit it. You can change the config value using the Ory CLI. There are docs on this here: https://www.ory.sh/docs/guides/cli/identity-cli You can either do this by exporting the YAML, changing the relevant part, and importing. Or by using patch. I guess it would be something along the lines of:
ory patch identity-config <project-id> \
  --replace '/selfservice/methods/oidc/config/base_redirect_uri="https://auth.example.org"'
If replace does not work (the patch API needs a bit of work on our end for better resilience …) you can try add:
ory patch identity-config <project-id> \
  --add '/selfservice/methods/oidc/config/base_redirect_uri="https://auth.example.org"'
Please be aware that this will impact all your oauth2 redirect URLs and social sign in providers. It also means that we can not fix the value for you if something changes with regards to your custom domain etc. We do have tests for this case, but we try to keep it streamlined for most projects. So maybe add this to some internal documentation that this is how you changed it so that others in your team know :)
I think this should do the trick, if not, let me know
@wonderful-lamp-2357 if this works, is it something we should add to the docs? this seems to affect primarily google social sign in as they show the redirect hostname. i think this is a recent change on their end too. we currently have no plans to change the redirect scheme for social sign in, but the above could be a guide for users to work around this limitation
w
Sure, can add this to the Google social sign-in document. Just need to digest this thread to understand what this is about and come up with a good way of explaining this 👍
👍 2
f
Thank all of you, I will try that workaround via CLI
h
let us know how it goes! we’re here for you :)
m
Do you have this tracked somewhere @wonderful-lamp-2357? The question just came up again.
Hey @faint-tent-43897 apologies for the late followup, but did this work for you?
f
This is working, and so far no issues or side effects. I’ve downloaded the identity-config, changed it locally, then updated.
ory update identity-config ...
👍 2