问题
I'm working on project which based on multitalency concept where users registered their domain info and we create for them. Each sites uses google oauth for viewing google analytics report and for that they need google oauth authorization in their admin pannel of each sites. Problem I'm facing is that i registered one application on google api and it generate a clinet-id plus javascript-origin and redirect-url also defined at time of creating google-oauth project in google-api. I need to know is their any possible way to use that client-id without define javascript-origin or redirect-url, so google-oauth redirect url will be defined at client side with javascript? I dont want to register each domain and callback url in google api. Is their any possibility to use global client-id even google has fixed twenty(20) site allowed on each application.
I'm using google's javascript oauth script which requires CLIENT-ID and API-KEY the code i have got from this google-analtyics reference
gadash.configKeys({
'apiKey': API_KEY,
'clientId': CLIENT_ID
});
回答1:
The answer to your question "is their any possible way to use that client-id without define javascript-origin or redirect-url?" is no. These requirements are there for security. If a client could define them, it would defeat their security purpose.
Have a look at the "state" parameter to the callback URL (https://developers.google.com/accounts/docs/OAuth2WebServer#formingtheurl). You can use this to tell your callback routine where the callback originated, and it can then behave or redirect accordingly.
来源:https://stackoverflow.com/questions/18677864/google-oauth-client-id-for-multiple-site-multitalency-purpose