Does Okta support wildcards in the Origin URL when adding a trusted origin? - okta

Does Okta support wildcards in the Origin URL when adding a trusted origin?

It doesn't seem like Okta supports wildcards when adding URLs to trusted origins, but there is an API endpoint that might help: https://developer.okta.com/docs/reference/api/trusted-origins/#create-trusted-origin

You don't have to enter the full URL in the trusted origin. You can just add the hostname, and all URLs with that hostname will be whitelisted.
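Following the two answers above, an added example (not part of the original posts and not Okta's own code) that reduces application URLs to their origins, rejects wildcard entries, and builds one create request per distinct origin for the Trusted Origins API linked above. The helper names and the org URL `https://example.okta.com` are assumptions made for illustration.

```python
import json
from urllib.parse import urlsplit

# Hypothetical helpers; the path and body shape follow the Trusted Origins
# API linked in the answer (POST /api/v1/trustedOrigins).
DEFAULT_PORTS = {"http": 80, "https": 443}

def to_origin(url):
    """Reduce a URL to scheme://host[:port]; refuse wildcard entries."""
    if "*" in url:
        raise ValueError(f"wildcards are not accepted: {url!r}")
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError(f"need an http(s) URL with a host: {url!r}")
    origin = f"{parts.scheme}://{parts.hostname}"
    if parts.port and parts.port != DEFAULT_PORTS[parts.scheme]:
        origin += f":{parts.port}"  # keep only non-default ports
    return origin

def trusted_origin_requests(org_url, app_urls, scopes=("CORS", "REDIRECT")):
    """Build one create request per distinct origin found in app_urls."""
    requests, seen = [], set()
    for url in app_urls:
        origin = to_origin(url)
        if origin in seen:
            continue  # many URLs on one host need only a single entry
        seen.add(origin)
        requests.append({
            "method": "POST",
            "url": org_url.rstrip("/") + "/api/v1/trustedOrigins",
            "body": {"name": origin, "origin": origin,
                     "scopes": [{"type": s} for s in scopes]},
        })
    return requests

if __name__ == "__main__":
    # Constructed sample input: each subdomain is listed explicitly.
    sample = ["https://app.example.com/login/callback",
              "https://app.example.com/logout",
              "https://admin.example.com/"]
    for req in trusted_origin_requests("https://example.okta.com", sample):
        print(req["method"], req["url"], json.dumps(req["body"]))
```

Each request would be sent with an `Authorization: SSWS <api token>` header; the token is deliberately left out of the code.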

Related

Google OAuth - Is it possible to create an IP whitelist?

I'm using a Google Login component in my website that calls Google OAuth API. Is it possible to somehow define an IP whitelist together with the domains whitelist?
The expected result is that even if someone successfully identifies with a whitelisted-domain Google account, it will still be rejected if their IP isn't whitelisted.
When a domain is used on the consent screen or in an OAuth client's configuration, it must be pre-registered. If your app needs to go through verification, you need to go to the Google Search Console to check if your domains are authorized.
Domains used for a redirect URI when the app is set to production must also be verified domains.
You can't set a domain as an IP address and you won't be able to set your redirect URI as an IP address either.

Why is my Google domain not directing to https?

I deployed an app on Heroku and set up automatic SSL configuration. According to my Heroku, my app can be accessed via https. If I use that URL, the connection is indeed secure.
I added a Synthetic Record in my Google domain to point to this URL. I also added a Custom Resource Record where the Name is www, Type is CNAME, and Data is my DNS Target for the app.
I can only connect securely when I use https://www.osrshub.com. If I use www.osrshub.com or osrshub.com, it is not secure. What am I doing wrong?
The comment from user2864740 is correct. I needed to update my front end to redirect to https.
Force SSL/HTTPS with mod_rewrite

how to set https for naked domain?

I have been using OpenShift for quite some time. Since Let's Encrypt is in beta, I thought I'd give it a try.
My current setup:
www.digrin.com is an alias to my openshift url - digrin-digrincom.rhcloud.com
digrin.com A tag points to wwwizer redirect service 174.129.25.170.
I have uploaded ssl certificates to openshift. It works fine on domain www.digrin.com. However since naked domain digrin.com points to wwwizer.com, it does not use https. I believe it is a problem. I want both domains (naked as well as www variant) to use https. Is it possible? I know wwwizer has some premium plan where it might be possible, but I would like a free version if possible.
If you don't know, I can not set cname for naked domain, so I had to use A tag to wwwizer, because openshift might change IP address.
Useful link:
How to use naked GoDaddy domain with OpenShift hosting?
If you are looking for a free (1 domain) service that redirects naked domains with valid SSL certificates: I moved from wwwizer to nakedssl to redirect to an OpenShift server and it works fine.
Well, first of all I had to generate an SSL certificate for the naked domain - digrin.com. I temporarily set the A tag for digrin.com to OpenShift's IP and generated the SSL certificate.
Now we have a working certificate, but since the A tag for digrin.com cannot be set permanently, the domain registrant must support naked domain redirect. More on this you can read here -> if your registrant does not support it, move to CloudFront (I will test CloudFront if my registrant does not add this feature within a few months and will update this answer).

Redirecting naked domain to www with DNSimple

We're using DNSimple to point our domain to our SSL-enabled Heroku app. The behavior we're seeking is as follows:
http://ourdomain.com
https://ourdomain.com
http://www.ourdomain.com
Should all permanently redirect to:
https://www.ourdomain.com
We've already created a CNAME for www.ourdomain.com that points to our app's .herokussl.com domain, but we're not sure what to do with the naked domains. In GoDaddy, we used to do non-masked forwarding. DNSimple doesn't have forwarding, but does have special entries called ALIAS and URL, though we're not sure what to use.
To configure a redirect you should use a URL record as described in our redirect documentation.
However, it's not possible to redirect an HTTPS URL because of the priority between SSL negotiation and HTTP headers. In this case, because you also want https://ourdomain.com to redirect to https://www.ourdomain.com, then you need to create an ALIAS for ourdomain.com to your Heroku SSL endpoint and handle the redirect in your app.
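One way to "handle the redirect in your app", as the answer above puts it, written as an added example that is not from the original posts or from DNSimple or Heroku. It is a small WSGI middleware that sends every request not already on https://www.ourdomain.com to that fixed host with a 301; the class and function names are hypothetical, and it assumes the app sits behind a trusted router that sets `X-Forwarded-Proto`.

```python
from urllib.parse import quote

CANONICAL_HOST = "www.ourdomain.com"  # target host from the question above

def canonical_redirect(scheme, host, path="/", query=""):
    """Return the https://www URL to redirect to, or None if canonical."""
    host = host.split(":")[0].lower()
    if scheme == "https" and host == CANONICAL_HOST:
        return None
    # The target host is a constant, never the client-supplied Host header,
    # so a forged Host value cannot steer the redirect elsewhere.
    target = "https://" + CANONICAL_HOST + quote(path or "/")
    return target + ("?" + query if query else "")

class ForceCanonicalHTTPS:
    """WSGI middleware: 301 anything that is not https://www.ourdomain.com."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        # Assumption: TLS ends at the platform router, which reports the
        # client's original scheme in X-Forwarded-Proto.
        scheme = environ.get("HTTP_X_FORWARDED_PROTO",
                             environ.get("wsgi.url_scheme", "http"))
        scheme = scheme.split(",")[0].strip().lower()
        target = canonical_redirect(scheme,
                                    environ.get("HTTP_HOST", ""),
                                    environ.get("PATH_INFO", "/"),
                                    environ.get("QUERY_STRING", ""))
        if target is None:
            return self.app(environ, start_response)
        start_response("301 Moved Permanently",
                       [("Location", target), ("Content-Length", "0")])
        return [b""]
```

Wrap the application object once at startup, for example `application = ForceCanonicalHTTPS(application)`.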

How to do facebook auth through a remote proxy

Say I have an app with a Sinatra REST API at http://example.com:4567. With my app I have a designer working on the front-end. Rather than set him up with a local back-end I edit his hosts file as follows:
127.0.0.1 local.example.com
and his httpd-vhosts.conf as follows:
ProxyPass /api http://example.com:4567
ProxyPassReverse /api http://example.com:4567
so that API calls are proxied to the remote host. I then create a vhost for local.example.com in apache that maps to his local directory where our front-end repo is. This allows me to give him a remote back-end with a local front-end.
The reason for the subdomain is because we do Facebook authentication which has its restrictive domain policies for auth. We can successfully facebook auth a user and get redirected back to the app, but when attempting to get an access token get a 400 response with the message:
{"error"=>{"message"=>"Missing client_id parameter.", "type"=>"OAuthException", "code"=>101}}
I believe the client_id is correctly set as it's set in the rack:oauth:client object correctly, and the flow is identical and only fails when the domain is different. The only thought I have is that facebook might not like that the user auth's from local.example.com while the access token is requested from example.com, but my understanding is facebook will authenticate on all subdomains. I've also whitelisted local.example.com on my App.
Any insight or advice into how to accomplish this? Thanks in advance.
Turns out it wasn't a domain issue; rather, fb_graph, the open source FB API from nov, uses basic auth by default. You need to set auth to something other than ":basic" when you get the access token in order to solve this error.
