Ability to define the SSO route's domain?

[nathan-io]

Hi,

Not a bug, just a question.

We're using subdomain routing in our Laravel application. Our authentication routes are bound to the "account." subdomain.

Accordingly, I'd like to have the sso.login route bound to this subdomain only. It is currently a global route that you can access from any (sub)domain at discourse/sso.

Not sure how to accomplish this.

Thank you!

[jimmypuckett]

I am sorry that I am not really following your question without some example code. Maybe post up some of your route file?

[nathan-io]

Hi Jimmy,

We have several route files, one for each subdomain. The SSO routes aren't defined by us in our route files, but by the package itself. So I'm not sure how that would be helpful.

Laravel allows you to bind a route to a (sub)domain (docs).

The way the package registers its routes, they are valid on any subdomain that the application listens on. This is undesired behavior, because we don't want someone (for example) hitting https://api.site.com/discourse/sso, or https://admin.site.com/discourse/sso.

We want to bind the route exclusively to the account. subdomain, so it can only be accessed at https://account.site.com/discourse/sso.

Laravel Nova, Laravel Horizon, and Laravel Telescope are examples of packages that allow you to define the subdomain that the routes are registered on, via a config file. And when Nova (for example) registers its routes, they are then registered only on that subdomain.

    /*
    |--------------------------------------------------------------------------
    | Nova Domain Name
    |--------------------------------------------------------------------------
    |
    | This value is the "domain name" associated with your application. This
    | can be used to prevent Nova's internal routes from being registered
    | on subdomains which do not need access to your admin application.
    |
    */

    'domain' => env('NOVA_DOMAIN_NAME', 'admin.' . config('app.domain')),

So because we've configured that, you can access Nova only on https://admin.site.com and not on any of the other subdomains our application listens on.

Hope this makes sense.

To implement this, I imagine all that's needed is to check a config() value for the presence of a domain name when the package is registering its routes. If found, bind the SSO routes to that domain using the domain() method on Route:

Route::domain(config('services.discourse.route_domain', null)->group(function () {
   // define SSO routes
}

Just not sure if you can pass null there as the fallback value. The idea is just that if it's not defined, we register the routes globally.

[jimmypuckett]

@nathan-io I just pushed a #44 feature branch, that allows adding a domain into the config. If you want to pull it into your project & test it, then I will clean up it. merge & tag it.

[nathan-io]

Thanks @jimmypuckett , working great!

Result of php artisan route:list | grep sso

With the services.discourse.domain config value set:

| account.site.test | GET|HEAD      | discourse/sso  | sso.login | Spinen\Discourse\Controllers\SsoController@login

Without that config value being set:

|                   | GET|HEAD      | discourse/sso  | sso.login | Spinen\Discourse\Controllers\SsoController@login

[jimmypuckett]

OK, I will merge & tag.

[jimmypuckett]

I just pushed 2.7.0.