How to specify response URL in GCP for custom Google OAuth with Netlify Identity?

We are considering Netlify but one of the things that we need to be able to do is secure site previews so that they can only be accessed by users in our Google Cloud Platform setup.

When setting up the OAuth application in Google Cloud Platform it wants a return URL to load once the user has signed in. How would this be specified when using Netlify, since the return URL is different depending on which branch/deploy context you were previewing? The UX would be pretty bad if the auth return URL switched to a different deploy context.

Yes, Netlify will give you a different URL for each branch, but I don’t think there’s any better way for that. This question would be more suited for GCP support as they can probably suggest a workaround.

However, you might try doing it this way:

  1. Create a page that would load all your branches/deploy-contexts, etc. You could use the Netlify API for that.
  2. Keep that as a steady URL. So, you could use that to configure the URL in GCP.
  3. Use that link to authenticate users and once authenticated, they could see the links to all the branches, deploys, etc.

However, if you go down that path, you’d have to check on your branch deploys that the users who are visiting your website are indeed authenticated, as once they get the link, they could share it with anyone. I’m not sure how GCP handles this, but if you can set a cookie that could be checked, that might help.

Finally, if you can consider an alternative to GCP, I could suggest Role Based Access Control. Using that, you can use Netlify Identity or any other JWT-based auth provider and you could gate your content to those with a specific role. However, I don’t think you can migrate your current GCP users into that or if GCP supports JWT itself or something of that sort. If it’s possible, this might be the best way.
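
One way to implement the check on branch deploys that the answer above mentions, as an added example that is not part of the original thread or Netlify's own code: the stable sign-in page issues a short-lived HMAC-signed token bound to one deploy host, and each deploy verifies it before serving content. The site name `example-site`, the `PREVIEW_TOKEN_SECRET` variable, the 10-minute lifetime and all function names are assumptions.

```javascript
const crypto = require("node:crypto");

// Assumptions for this example: site name, secret source and token lifetime.
const SITE = "example-site"; // hypothetical Netlify site name
const SECRET = process.env.PREVIEW_TOKEN_SECRET || "constructed-demo-secret";
const TTL_SECONDS = 600;

// Branch deploys and deploy previews are served as <prefix>--<site>.netlify.app.
const DEPLOY_HOST = new RegExp(`^[a-z0-9-]+--${SITE}\\.netlify\\.app$`);

function isAllowedDeployHost(host) {
  return DEPLOY_HOST.test(host);
}

function sign(payload) {
  return crypto.createHmac("sha256", SECRET).update(payload).digest("base64url");
}

// Stable page: call after Google sign-in succeeds, for the deploy the user picked.
function issueToken(email, host, now = Date.now()) {
  if (!isAllowedDeployHost(host)) throw new Error("not a deploy of this site");
  const claims = { email, host, exp: Math.floor(now / 1000) + TTL_SECONDS };
  const payload = Buffer.from(JSON.stringify(claims)).toString("base64url");
  return `${payload}.${sign(payload)}`;
}

// Branch deploy: call before serving content; returns the claims or null.
function verifyToken(token, requestHost, now = Date.now()) {
  const parts = String(token).split(".");
  if (parts.length !== 2) return null;
  const [payload, mac] = parts;
  const expected = Buffer.from(sign(payload));
  const given = Buffer.from(mac);
  // Constant-time comparison; the length check avoids timingSafeEqual throwing.
  if (given.length !== expected.length) return null;
  if (!crypto.timingSafeEqual(given, expected)) return null;
  let claims;
  try {
    claims = JSON.parse(Buffer.from(payload, "base64url").toString("utf8"));
  } catch {
    return null;
  }
  // A token shared for another deploy, or kept past its lifetime, is rejected.
  if (claims.host !== requestHost) return null;
  if (claims.exp <= Math.floor(now / 1000)) return null;
  return claims;
}
```

Binding the token to the request host and an expiry limits what a shared link is worth: it works only on the deploy it was issued for and only until it expires.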