Make OAuth2 endpoints available on subdomain.

Issue #11694 wontfix
Alexandru Guzinschi created an issue

Considering that Bitbucket exposes OAuth1 endpoints via <something>, could something similar be done for OAuth2 (which is currently at <something>)?

Maybe something like <something>.

This could be useful for API client libraries which defined their base URL as and at this point in time they need to be reconfigured before and after making a request on an OAuth2 endpoint (like for example).

Comments (2)

  1. Erik van Zijst

    The reason the OAuth 2 URLs live on the domain and not on is because some grant types involve interactive browser access. The /authorize endpoint relies on the user's session cookie to authenticate the end user.

    Since we do not support session cookie authentication on our domain, we cannot host the authorize endpoint there. Also, since we did not want to end up hosting the OAuth authorize and access_token endpoints on different domains, we ended up with both on

    OAuth 1 is slightly different as it does straddle both domains, but this is somewhat due to historical reasons and not something we wanted to continue with OAuth 2.

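A client library can live with the split described in the comment above by holding both origins and choosing one per call, so nothing is reconfigured around OAuth2 requests. This is an added example, not code from the issue or from Bitbucket; the hostnames, the `/oauth2/` path prefix and the `SplitOriginClient` class are assumptions, because the page's URLs are not shown.

```python
import base64
import secrets
from urllib.parse import urlencode, urljoin, urlsplit

# Assumed placeholder origins; the real hostnames are not shown on this page.
AUTH_ORIGIN = "https://www.example.test"  # browser-facing host (session cookies)
API_ORIGIN = "https://api.example.test"   # API host (no cookie authentication)


class SplitOriginClient:
    """Hypothetical client that picks the origin per call instead of per instance."""

    def __init__(self, client_id, client_secret, redirect_uri):
        self.client_id = client_id
        self.client_secret = client_secret
        self.redirect_uri = redirect_uri

    def authorize_url(self):
        """Return (url, state): the URL for the user's browser and the CSRF state."""
        state = secrets.token_urlsafe(16)
        query = urlencode({"client_id": self.client_id, "response_type": "code",
                           "redirect_uri": self.redirect_uri, "state": state})
        return f"{AUTH_ORIGIN}/oauth2/authorize?{query}", state

    def token_request(self, code):
        """Return (url, headers, body) for the code exchange on the auth origin."""
        creds = f"{self.client_id}:{self.client_secret}".encode()
        headers = {"Authorization": "Basic " + base64.b64encode(creds).decode(),
                   "Content-Type": "application/x-www-form-urlencoded"}
        body = urlencode({"grant_type": "authorization_code", "code": code,
                          "redirect_uri": self.redirect_uri})
        return f"{AUTH_ORIGIN}/oauth2/access_token", headers, body

    def api_request(self, path_or_url, access_token):
        """Return (url, headers); the bearer token goes to the API origin only."""
        url = urljoin(API_ORIGIN + "/", path_or_url)
        target, api = urlsplit(url), urlsplit(API_ORIGIN)
        # Absolute or scheme-relative input (e.g. a link copied from a response)
        # can point at another host; never attach the token there.
        if (target.scheme, target.netloc) != (api.scheme, api.netloc):
            raise ValueError(f"refusing to send bearer token to {target.netloc!r}")
        return url, {"Authorization": f"Bearer {access_token}"}
```

The caller compares the `state` returned by `authorize_url()` with the value that comes back on the redirect before calling `token_request()`.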