OAuth redirect uri for multi-tenant app
I am developing a multi-tenant web app (same code, separate databases) with a possibly unlimited number of tenants. I want to give them the possibility to connect and use their own Box account for file storage. So the user connects to box.com for authentication through OAuth2.
But here's my problem: the clients would access my app through different domains/subdomains. Thus, when authorizing with box.com, the redirect uri parameter will be based on that domain/subdomain and different from one tenant (client) to another. So the parameter sent through the account url will depend on the current tenant domain, while in the Box app console I can configure a single return uri.
Example:
// - the url of the first tenant
// - the url for authorizing with box, using the tenant domain/subdomain in the redirect uri
// - the url for the 2nd tenant
// - the url for authorizing with box, using the tenant domain/subdomain in the redirect uri
Let's assume we will have 200 tenants. That will mean we need 200 apps on Box? That would be illogical and, more important, unmanageable, since it is actually just one app being accessed through several web domains...
Is there a solution to this problem?
Thanks for the help!
Regards,
-
For what it's worth, an alternative approach I've used in the past is to handle the redirect through an interstitial page. In this case, for example, you could have the redirect URL be: https://auth.myapp.com/your/path and then that path will pick up the callback, determine the host of your user (through a cookie or a state param) and then redirect to the callback page for that tenant.
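A sketch of the state-param variant of the relay described in the answer above, added here as an example and not code from the original post or from Box. It assumes tenants sit on single-label subdomains of myapp.com and expose a hypothetical `/oauth/box/callback` path; the function names and the server-side key are also assumptions. The state is HMAC-signed and the host is checked against a pattern so the shared callback cannot be steered into forwarding the authorization code to an arbitrary site.

```python
import base64, hashlib, hmac, json, re, secrets
from urllib.parse import urlencode

# Assumptions (not from the original post): tenant hosts match <label>.myapp.com,
# every tenant serves TENANT_CALLBACK_PATH, and KEY is a secret shared by the app servers.
KEY = secrets.token_bytes(32)
TENANT_HOST_RE = re.compile(r"[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.myapp\.com")
TENANT_CALLBACK_PATH = "/oauth/box/callback"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _sign(payload: str, key: bytes) -> str:
    return _b64(hmac.new(key, payload.encode(), hashlib.sha256).digest())


def make_state(tenant_host: str, key: bytes = KEY) -> str:
    """Build the `state` value a tenant site sends along when it starts the flow."""
    body = json.dumps({"host": tenant_host, "nonce": secrets.token_urlsafe(16)})
    payload = _b64(body.encode())
    return f"{payload}.{_sign(payload, key)}"


def tenant_redirect(state: str, code: str, key: bytes = KEY) -> str:
    """Run on the shared callback host: verify `state`, then build the tenant URL."""
    payload, _, sig = state.partition(".")
    if not hmac.compare_digest(sig.encode(), _sign(payload, key).encode()):
        raise ValueError("state signature mismatch")
    padded = payload + "=" * (-len(payload) % 4)
    host = json.loads(base64.urlsafe_b64decode(padded))["host"]
    # Relay only to hosts that look like our tenants, never to an arbitrary URL.
    if not TENANT_HOST_RE.fullmatch(host):
        raise ValueError("unknown tenant host")
    query = urlencode({"code": code, "state": state})
    return f"https://{host}{TENANT_CALLBACK_PATH}?{query}"
```

The tenant's own callback still has to compare the returned `state` with the value stored in the user's session before it exchanges the code.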