Let's say my app's main domain is at https://www.example.com
App is going to have lots of instances, i.e.
https://www.example.com/client1
https://www.example.com/client2
https://www.example.com/client3
<..>
In order to have OAuth2 authentication against my app, I currently have redirect URIs as such:
https://www.example.com/client1/SignInGoogle
https://www.example.com/client2/SignInGoogle
Is there a way to add one Authorized redirect URI for all of these clients? i.e.
https://www.example.com/*
or
https://www.example/com/*/SignInGoogle
Or does this URI has to be the exact match?
If you look at the Google Developer console
Must have a protocol (HTTP / HTTPS)
Cannot contain a URL Fragment (#)
Cannot contain a relative path.
Cannot be a public IP address.
Examples of Relitve vs Absolute URIs
Relative URI Absolute URI
about.html http://WebReference.com/html/about.html
tutorial1/ http://WebReference.com/html/tutorial1/
tutorial1/2.html http://WebReference.com/html/tutorial1/2.html
/ http://WebReference.com/
//www.internet.com/ http://www.internet.com/
/experts/ http://WebReference.com/experts/
../ http://WebReference.com/
../experts/ http://WebReference.com/experts/
./about.html http://WebReference.com/html/about.html
What you want to do is something like a Relative URI. What you need to remember is that an Authentication server is nothing but a web service. If you cant access the redirect URI from a normal web browser the authentication server cant either.
So no you cant do that it has to match exactly.
Related
I've hit a bit of a problem with creating an ads.txt file. I'm working with an advertiser, and they would like to host the ads.txt file so they can easily make changes to it.
Is it possible to set up a redirect in at
mysite.com/ads.txt
which points to something like
theirsite.com/mysite/ads.txt
If so, what would be the code to you in mysite.com/ads.txt to make the redirect work?
For those looking, I did eventually find a solution to this by editing the following line into the .htaccess (you'll need to alter the path for your own link):
RewriteRule ^ads\.txt$ "https\:\/\/theirsite\.com\/clients\/folder\/ads\.txt" [R=301,L]
Per IAB's ads.txt Specification 1.0.1 (September 2017), section 3.1 "ACCESS METHOD",
Only a single HTTP redirect to a destination outside the original
root domain is allowed to facilitate one-hop delegation of authority
to a third party's web server domain.
So you should be fine with a single redirection from mysite.com/ads.txt >> theirsite.com/mysite/ads.txt.
It is possible with restriction. You can use redirects, as many as you want within the scope of the original root domain, which is not the fact in your situation.
For a third party domain the restriction is that only a single redirect is allowed. You should check if this is the fact for your advertisers ads.txt url.
Another possible solution is:
Crawl the advertisers ads.txt and put it in your specific folder once or twice a day.
See the specification:
https://iabtechlab.com/wp-content/uploads/2017/09/IABOpenRTB_Ads.txt_Public_Spec_V1-0-1.pdf
If the server response indicates an HTTP/HTTPS redirect (301, 302, 307 status codes), the
advertising system should follow the redirect and consume the data as authoritative for the
source of the redirect, if and only if the redirect is within scope of the original root domain as
defined above. Multiple redirects are valid as long as each redirect location remains within the
original root domain. For example an HTTP to HTTPS redirect within the same root domain is
valid.
Only a single HTTP redirect to a destination outside the original root domain is allowed to
facilitate one-hop delegation of authority to a third party's web server domain. If the third party
location returns a redirect, then the advertising system should treat the response as an error. A
future version may address other delegation of authority to a third-party web server. Any other
redirect should be interpreted as an error and ignored.
In the setting of my App, I have set the site URL to be http://localhost/, in the app domain, I have indicated localhost.
Followed by in the Facebook Login Product, I have set Valid OAuth redirect URIs to be http://localhost.
but launch in my application, it gives me URL Blocked .... redirect failed because the redirect URI is not whitelisted in the app's Client OAuth Settings...
the redirect URI link is http%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter%2Fr%2Fao6eUeuGXQq.js%3Fversion%3D4
No matter what I change in the OAuth, the URI remains the same.
Anyone able to help?
Nope. Just localhost wont do. U need to put with port too. i.e http://localhost:3000/
There is NO url called http://localhost/ and If you put a port, it just talks about specific domain.
For example, if you put localhost which considered wild. For example what if you put www in your allowed url? It is considered illegal.
If you specify the port i.e http://localhost:3000/ then u just refereing to one domian at a time. And it is not wild nor illegal. Through this u are just allowing www.stackoverflow.com
I just created an app on facebook, my first time. I'm getting an error in the Basic Information. I got
Site URL must use the HTTP or HTTPS protocols.
I'm inputting "mysite.com" as said in the tutorial https://developers.facebook.com/docs/opengraph/getting-started/ i also tried inputting "www.mysite.com". I tried to input something like "http://mysite.com/" but I get the two errors displayed like this:
Error App Domains: http://mysite.com/ should not contain protocol information. Site URL must use the HTTP or HTTPS protocols.
What do I need to do here? I also tried the suggested answer in this Facebook Create New App Error - "should not contain protocol information.", but still getting either both or one of the two errors above.
The error message you are getting ("Site URL must use the HTTP or HTTPS protocols.") does not relate to the App Domain, but to the Site URL (in the "Website with Facebook Login" section).
While the App Domain must not have its protocol (HTTP or HTTPS) included, the Site URL should. See:
I am new to ASP.Net 4.0, and have seen a new feature called Response.RedirectPermanent(). I have checked a few articles, but I'm unable to understand clearly the actual meaning and difference of Response.RedirectPermanent() over Response.Redirect().
According to Gunnar Peipman,
Response.Redirect() returns 302 to browser meaning that asked resource is temporarily moved to other location. Permanent redirect means that browser gets 301 as response from server. In this case browser doesn’t ask the same resource from old URL anymore – it uses URL given by Location header.
Why do I need to check the server response such as 301, 302? And how does it get permanently redirected the page to the server?
301 response (RedirectPermanent) is very useful for SEO purposes. For example, you had a site implemented in ASP.NET WebForms and redesigned using ASP.NET MVC. You'd like to inform search engines that page /Catalog/ProductName.aspx becomes /products/product-name. Then you set 301 redirect from /Catalog/ProductName.aspx to /products/product-name and links in search engines' indices will be replaced. 302 (Redirect) is mostly for internal purposes. For example, the redirect after login (if returnUrl was set in URL).
How can I turn domain.com into https://www.domain.com (the actual address)? Is there an easy API for this?
The purpose is to allow a user to enter a domain in preferences and allow my app to convert that into a fully qualified web URL like a web browser does when I type google.com it returns http://www.google.com (ish).
If typing your domain.com results in https://www.your domain.com then the server is redirecting. Here is a rule to follow:
Construct "https://domain the user typed". Connect to that, and follow any 301 (permanent) redirects until you get a 200 response. Save the URL you end up at as the permanent one.
If your connection failed, try again with http:// instead of https://.
Do not assume that the "proper" URL contains "www."; if it should, then the server will redirect.
What's so hard about putting "http://www." in front?
How does that require an API?
Are you asking about the string concatenation API?
Use the NSURL class. More specifically, use initWithScheme:host:path where scheme is "http", host is your string and path is empty.