Changes to Meteor packages (OAuth & Google) to support Meteor web app deployed under multiple domains (for branding purpose, for example).
Only changes to Google and the core OAuth packages are included here. Other OAuth packages, such as Facebook can be amended in a similar way.
The solution does not include sharing the login state across the domains. If that's what you need, there's another suggested solution for that on the net.
Note: The files attached don't include complete source code from the packages but only changed functions.
The web application is deployed with multiple CNAME records pointing to the same instance - main.example.com
, brand2.example.com
. The application is starting with ROOT_URL=https://main.example.com
. Both domain names are registered as authorised origins and redirect URIs in Google API manager.
Custom client code for Meteor.startup
overrides the Meteor.absoluteUrl.defaultOptions.rootUrl
as required (example attached).
When the server side prepaires HTTP POST request to exchange authorization code to an access token, the value of redirect_uri
parameter depends on the current ROOT_URL
(same for connections via different domain names). This results in mismatch of the redirect_uri
during the the authorization code request and the token request.
Pass the rootUrl
used with the authorization code request from the client to server side inside the state parameter and use it to override rootUrl
while building a redirect_uri
for the access token request.