Wildcard domain

I have an unusual use case for auth: my authentication database is shared between multiple apps running on different subdomains. Accounts created in one app also exist in other apps. This almost works. However, I’ve stumbled upon a weird problem: sometimes both Google and Email/Password authentication fail. Google reports an incorrect redirect_uri, while Email/Password reports an invalid origin. I’ve tried debugging and found that the redirect_uri was indeed incorrect – even though I was logging in from domain.com, the redirect_uri was set to xxxx.domain.com, which is not allowed. Moreover, I’ve never even opened xxxx.domain.com before. I tried clearing all cookies and local storage, but that didn’t help. What can I do?
6 Replies
bekacru 19h ago
Set the redirect URI directly in the provider config. For all providers you can pass ‘redirectURI’ in their config.
Michał @ yournextstore.com
Thank you! That could fix the problem for Google – I can manually set redirectURI. But I don't think it'll fix the invalid origin for email and password.
bekacru 18h ago
For invalid origin, what origin is shown as invalid?
Michał @ yournextstore.com
One of the other subdomains that I use for email/pass login.
bekacru 15h ago
Add it to the trustedOrigins list.
Michał @ yournextstore.com
That's impossible because I don't know the URL upfront. The domain could be anything and it would be infeasible to add 100000 domains to the list anyway. My trustedOrigins right now is this:
trustedOrigins: (request) => {
  return [
    new URL(request.url).origin,
    `https://${env.NEXT_PUBLIC_VERCEL_URL}`,
  ];
}
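
One way to trust every subdomain of a parent domain without listing them, as an added example that is not part of the thread and not the library's own code. It assumes the parent domain is `domain.com` (the placeholder used in the question) and that `request.headers.get("origin")` returns the Origin header; `isTrustedOrigin` and `PARENT_DOMAIN` are hypothetical names.

```javascript
// Added example, not code from the thread. "domain.com" stands in for the
// parent domain, as in the question.
const PARENT_DOMAIN = "domain.com";

// True only for a bare https origin whose host is the parent domain or a
// subdomain of it.
function isTrustedOrigin(origin, parentDomain = PARENT_DOMAIN) {
  if (typeof origin !== "string") return false;
  let url;
  try {
    url = new URL(origin);
  } catch {
    return false; // not an absolute URL (this also covers the literal "null")
  }
  if (url.protocol !== "https:") return false;
  // A bare origin round-trips unchanged. This rejects paths, default
  // ports written out, and userinfo such as "https://domain.com@evil.test".
  if (url.origin !== origin.toLowerCase()) return false;
  const parent = parentDomain.toLowerCase();
  // The leading dot forces a label boundary, so "evildomain.com" and
  // "domain.com.evil.test" do not match.
  return url.hostname === parent || url.hostname.endsWith("." + parent);
}

// Same shape as the callback in the thread: (request) => string[].
// Assumption: request.headers.get("origin") returns the Origin header.
function trustedOrigins(request, parentDomain = PARENT_DOMAIN) {
  const candidates = [new URL(request.url).origin, request.headers.get("origin")];
  return [...new Set(candidates.filter((o) => isTrustedOrigin(o, parentDomain)))];
}
```

Suffix trust extends to every host under the parent domain, so a dangling or user-controlled subdomain becomes a trusted origin as well.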
