One app - many subdomains

vanderv · ‎02-01-2016

How i should configure Callback URL for use app in many subdomains (near 1000) (sub1.example.com, sub2.example.com and etc)

JeremiahFitbit · ‎02-01-2016

This is an unusual use case. Can you please explain what you're doing?

You'll likely hit the character limit (3000) before you can add that many redirect URIs.

vanderv · ‎02-01-2016

Thanks for your reply. We operate a Healthclub software from Fisikal.com. When our customers use the software each club leverages their own subdomain ie equinox.fisikal.com for example.

Our solution automatically assigns a subdomain based on the health club chains name.

We are keen to have a solution whereby we can allow each of the club chains to leverage our existing cuttingedge.fisikal.com.

Is this something you can accommodate?

Best wishes,

Rob Lander
CEO
www.fisikal.com

JeremiahFitbit · ‎02-01-2016

It's not something that we plan on supporting, at least in the near term.

We strongly recommend that apps that act on behalf of another company register an app on dev.fitbit.com for each of their customers. Otherwise, you'll need to use a more generic redirect URI for all of your customers' customers.

vanderv · ‎02-01-2016

Sorry you misunderstand me. They are all within Fisikal. We put a subdomain on our software for our customers. All the end points map directly into Fisikal.com

Are you able to white label *cuttingedge.fisikal.com at all?

Best wishes,

Rob Lander
CEO
www.fisikal.com

JeremiahFitbit · ‎02-01-2016

No, we don't have that ability. The OAuth 2.0 specification requires an exact match for good security reasons. (Other OAuth 2.0 providers only match on hostname, not full URI, but even in that situation, it's unreasonable to expect to match more than a couple hostnames.)

thidev · ‎02-16-2016

We have the exact same issue. Is there a way to expand the 3,000 character limit? This only allows us access to roughly 42 different hostnames.

JeremiahFitbit · ‎02-19-2016

How much bigger would you need it to be? This is really going against our intent—we don't want to match a bunch of different hostnames for a single app. It's more of a convenience for apps that have multiple environments (QA, staging, production, etc).

thidev · ‎02-23-2016

We have over 130 different subdomains (and growing) but we found a different solution with logging in the user that is sent back through the state addition, then forwards them back to their original subdomain after completing the fitbit process. But we're not keen on sending information that could log someone in via the state method if at all possible.

jeremiahlee · ‎02-23-2016

@thidev wrote:
But we're not keen on sending information that could log someone in via the state method if at all possible.

Then don't pass that information. You can put whatever value in there you'd like. It doesn't have to be the same value of your cookie session or something. You could just use the subdomain of origin and no user-specific information.

Join us on the Community Forums!

Community Guidelines

Learn the Basics

Join the Community!

Not finding your answer on the Community Forums?

Go to the Help Site

Contact Support

One app - many subdomains

vanderv

JeremiahFitbit

vanderv

JeremiahFitbit

vanderv

JeremiahFitbit

thidev

JeremiahFitbit

thidev

jeremiahlee