Google social login not redirecting to custom domain

Luc_Zentar · May 13, 2022, 4:40pm

Hello,

I am implementing google social log in but am having a problem with custom domain.

Currently the redirect URL is set to the backendless subdomain:

This leads to Google social login showing backendless.app as the provider, which is going to cause problems for user trust:

Backendless documentation says:

But this doesn’t work with Google as it only expects the backendless subdomain, and this error occurs:

It looks like I need a way to change the callback URL in the login providers section, is this possible?

Nikita_Fedorishchev · May 16, 2022, 5:25pm

Hello, @Luc_Zentar.

We are aware of this issue. At the moment, our developers are working on a solution to this problem. For now, I can suggest you to use api keys for this task(BKNDLSS-27504).

Best Regards, Nikita.

Luc_Zentar · May 16, 2022, 5:30pm

Thanks Nikita, is it possible for you to change the callbackURL in the code for my app in the meantime so that we can keep the current solution?

sergey.kuk · May 17, 2022, 9:42am

hello @Luc_Zentar

unfortunately, it is not possible. What sdk do you use?

Luc_Zentar · May 17, 2022, 4:53pm

@sergey.kuk we have a webapp > mobileapp onboarding process, so we are using the Backendless system for a webapp where the user registers an account, and then the SDK on the mobile app to handle logins after that (some users may also register on the mobile app, but most will be webapp).

mark-piller · May 17, 2022, 5:30pm

Hi Luc,

Do you have a custom domain added to your app in Backendless console?

Regards,
Mark

Luc_Zentar · May 17, 2022, 10:58pm

@mark-piller yes we do on app ID 9144D969-8CEB-81F4-FF84-987167CF6800

Luc_Zentar · May 18, 2022, 3:17pm

Another issue we’ve had with the custom domain is that I’m unable to point http://www.customdom.com, http://customdom.com or https://customdom.com to https://www.customdom.com because I’m unable to create a CNAME record. Is there anything you can suggest to fix this?

Luc_Zentar · May 23, 2022, 4:40am

@mark-piller did you have any more thoughts on this? It’s quite fundamental to our app, if there is any way to solve this in the short term it would be very helpful.

Andriy_Konoz · May 23, 2022, 7:41am

Hi @Luc_Zentar ,

is it possible for you to change the callbackURL in the code for my app in the meantime so that we can keep the current solution?

As a temporal solution you can try to disassemble authorization URL which you receive from the Backendless API, replace domain in redirect_uri link and assemble it back. It should work with all login providers except Twitter. Unfortunately it is the only way to resolve your issue at the current moment.

Another issue we’ve had with the custom domain is that I’m unable to point http://www.customdom.com, http://customdom.com or https://customdom.com to https://www.customdom.com because I’m unable to create a CNAME record. Is there anything you can suggest to fix this?

It should be possible to configure this on the side of your domain provider. What domain provider do you use?

Regards, Andriy

Luc_Zentar · May 23, 2022, 9:35am

Hi @Andriy_Konoz thank you for the reply.

Could you give me more information how to disassemble the authorization URL?

And I am sorry I used the wrong terminology for the second question. I have been able to create the CNAME record, it is the A record that I need to point to an IP address to be able to point the other URLs to the main custom domain.

Andriy_Konoz · May 23, 2022, 10:05am

@Luc_Zentar ,

Your authorization URL should look similar to this

https://google.com/authorize?response_type=code&client_id=clientId&redirect_uri=https://app.backendless.app/api/users/oauth/googleplus/authorize&scope=read:records&state=stateHash

All what you need is to replace https://app.backendless.app by required protocol and domain. It can done by simple string replace.
Note. It is important to add your final URL from redirect_uri to “Callback URLs” section on the Google App side.

And I am sorry I used the wrong terminology for the second question. I have been able to create the CNAME record, it is the A record that I need to point to an IP address to be able to point the other URLs to the main custom domain.

Unfortunately I still do not fully understand your problem. There should be no problems with binding www.{your domain} to {your domain} as far as I know. Could you please provide more information about this problem?

Regards, Andriy

Luc_Zentar · May 23, 2022, 10:20am

@Andriy_Konoz thank you. Where would I use this string replace? I am currently using the login providers functions and then this block in UI Builder

So I would add it like this?

With the second problem, the custom domain is https://www.customdomain.com.

At the moment, if I type any of these URLS:

http://www.customdomain.com
https://customdomain.com
http://customdomain.com

It doesn’t re-direct the user to the secure website. From what I understand, the way to do this is to create an A record pointing to the IP address of the website, which I am unable to do with the Backendless custom domain system. Is there another way to achieve this?

Andriy_Konoz · May 23, 2022, 12:11pm

@Luc_Zentar ,

Unfortunately my method will not work with UI Builder.

As for situation with domains, I can see that there is no problem for redirecting from http://www.customdom.com to https://www.customdom.com. It seems to me that the problem here that you try to redirect from root domain (customdom.com) to sub-domain (www.customdom.com). Usually the root domain specified as main and other variants configured to redirect to it.
Could you please try to make https://customdom.com main domain and redirect to it from all other variants?

Regards, Andriy

Luc_Zentar · May 23, 2022, 2:28pm

@Andriy_Konoz - how can I use the method if not in UI Builder? is there any documentation to explain how else to do this?

I cannot assign a CNAME to the root:

Andriy_Konoz · May 23, 2022, 3:03pm

@Luc_Zentar ,

The flow in general described here Social and OAuth2 Logins - Backendless REST API Documentation
You receive authorization URL (here you should make a change), open it in WebView or other controlled environment, wait till provider will redirect back to Backendless API and API responds with the JSON object. In this JSON object will be placed user info and user token for further authentication.
You can do it with any SDK which you prefer.

Speaking about domains. Checked your domain via whois. I looks like provider itself created A record for root domain.I will ask my colleagues about possible solutions for this situation.

Regards, Andriy

Andriy_Konoz · May 23, 2022, 3:42pm

@Luc_Zentar ,

About custom domains.
The only option for you is to create A record for your domain and point it to IP address of EU API 178.32.127.114. All other domain variants will point to your root domain.
But you should understand that this type of configuration is fragile one since Backendless API IP address can change in future. To prevent possible downtime for your site you should configure uptimerobot for your domain which will warn you when there are some problems.

Regards, Andriy

Luc_Zentar · May 23, 2022, 4:03pm

Thank you @Andriy_Konoz

Are there any plans to make any changes to this?

It feels like a big problem that will impact any user with a custom domain that is used on the web

mark-piller · May 23, 2022, 5:43pm

Root domain DNS mapping (the one without www or any other prefix) is restricted by DNS, it is outside of our control. Our IP addresses do not change frequently, but it may happen as the cluster grows.