How can we automatically add the redirect URI in the Quickbooks auth using some API?
Edit:- In my case, my website has functionality of creating sub-domain on the basis of some random keywords. Suppose if my website is facebook.com and someone creates his own company inside it
Company name Website
1. tata tata.facebook.com
2. tesla tesla.facebook.com
So I want to add the website url name to the redirect URI as soon as company is created. I don't want to add it like manually.
How can we automatically add the redirect URI in the Quickbooks auth using some API?
You can't.
In my case, my website has functionality of creating sub-domain on the basis of some random keywords.
You won't be able to do this.
A better way to handle this is to have a single domain dedicated to the OAuth handshake for new connections, and always use that domain. You can use the state parameter of OAuth to track who is connecting so you know the correct subdomain to bounce them back to after OAuth redirect.
Intuit (and most other cloud providers) do not allow wildcards or dynamic domains because there are some significant security risks to doing so:
https://www.rfc-editor.org/rfc/rfc6819#section-5.2.3.5
http://technotes.iangreenleaf.com/posts/closing-another-nasty-security-hole-in-oauth.html
https://security.stackexchange.com/questions/180505/why-is-a-wildcard-subdomain-callback-url-in-oauth-considered-unsafe
Related
We have an app that let our users use their own domain to access our platform.
For example, if our website domain is "abc.com", we allow our user to use their own domain (for example "external.net") by setting this domain to point to our server.
To achieve it, we need to set their domain each time in our "Google Console"(/Microsoft) so that the authentication (we do have a login of course) will work with their domain as well...
The thing is that we think maybe we could accomplish such a result by just forcing all our users to use our main domain (abc.com) and just after they log in, we will redirect them to their domain.
It will save us the time to add each time their domain to "Google Console"(/Microsoft).
The question is if it's something that we really can do, or google will disallow such auth if which user comes from A domain, and will use B domain with the token he got from A domain.
*If such a thing is not allowed, is it allowed by using my subdomains? like user1.abc.com / user2.abc.com etc... without having to fill those subdomains in the provider console (Google/Microsoft).
I hope the question is clear enough,
Thanks!
A note about verification of your applicaiton.
In order to have this application verified you are going to to Verify your site ownership for every domain listed as a redirect Uri or a JavaScript origin.
So the only way that is going to work is if you can prove you own those domains. By registering them in google search console.
I am trying to create a saas and for that, I need to create an API and I am not sure how can I create an endpoint like this https://api.karix.io/message/ here domain is https://api.karix.io and endpoint is the message. I know how to create an API using nodejs but not sure how can I create for the domain-specific.can anyone help me with this problem?
A domain is basically a link to an ip-adress. There are DNS-Servers who transate between the human readable form and the ip.
If you want to run your app on a specific domain you need to purchase that domain (which can be quite costly) and the dns Server will create a link between the domain name and ip adress.
So basically you dont need to do anything in order to create the rest-api for your domain.
Later the request are similiar to this:
https://api.karix.io/message/
http://192.168.111.111:80/message <- The ip obviously differs in production
The name of the domain should be accessible in your request-Object atleast in the express framework.
I have registered my domain name example: zoek.com in Google domains forwarding it to google sites sites.google.com/view/zoek/home.
Now, whenever users are visiting zoek.com, the URL in the browser is redirecting to sites.google.com/view/zoek/home. Instead, I want to retain on zoek.com
I added CNAME record as per instructions, still no luck
I don't have GSUITE. I want to do it without GSUITE. Is it possible?
IF I have to buy GSUITE then what's the cost of it yearly?
Thanks in Advance!
We are migrating our old site on prem to a new one hosted on Azure but we need to maintain the old site online.
So imagine the following scenario:
new site: www.site.com
old site: www.oldsite.com
This is what we need:
if a user enter www.site.com/somepath and "/somepath" doesn't exist (url not found), it must be redirected to the onprem www.oldsite.com/somepath
Is it possible? How to write the Azure application gateway rule for url not found?
Thank you in advance, Marco
URL path based rules support notion of default path which is used when none of the path rules match. In your scenario you could set a default backend pool which redirects user to oldsite.com/somepath for any request received. You can then configure path based routing so that site/somepath goes to new pool, site.com/somepath2 goes to another pool.. if none of the url paths match the request would be sent to default pool from where it could be redirected to oldsite.
I believe you are use a URL Redirect to achieve this.
Create an application gateway with URL path-based redirection using Azure PowerShell
https://learn.microsoft.com/en-us/azure/application-gateway/tutorial-external-site-redirect-powershell
In addition, if you open the links provided and look to the left you will see even more options. Some of which you might find useful.
we have a saas web app, written in zend mvc (php) where users can enter their own domain name in their settings page.
When they enter e.g. www.customdomain.com we want this domain to redirect to our web application so we can serve up their own pages from our app.
We do the same already for subdomains by having a *.ourapp.com entry in our DNS configuration.
that works great for subdomains like customdomain.ourapp.com.
This doesn't seem to work for full domain names like www.customdomain.com.
What's the easiest way to have any domain address link to our application, so we can just read out the incoming domain name and act accordingly in our app?
For letting the DNS entry point at your servers:
Domain is already registered (and owned by the customer): Make him configure the CNAME entry to your server's IP. (Even google let this do the enduser by hand - so automating this might be hard)
Domain is free: Register it, configure the CNAME yourself (you own it)
If you only want a redirect, the user can upload a html file or .htaccess file, that performs the redirect. But this has to be done by the customer, too.