If you are embedding StackOne components such as the File Picker in your application, you will need to host a redirect page within your application to support verification by Google. Google mandates that this redirect page be hosted within the same domain as your application. This is a requirement of the OAuth2 protocol. However, to properly authenticate the File Picker component, the returned token must also be sent back to StackOne. To support this, StackOne provides a custom redirectUri parameter in the OAuth2 flow. This allows you to specify a redirect page hosted on your domain, which will then redirect the user back to the StackOne OAuth2 authorization endpoint. This satisfies Google’s requirement for a redirect page hosted on your domain while also allowing you to send the token back to StackOne. The flow can be summarized as follows:
Overall oauth proxy redirect flow

Implementing the Redirect Page

The redirect page should be implemented as a simple endpoint that receives a GET request from Google with query parameters and redirects the user back to the StackOne OAuth2 authorization endpoint with the same query parameters. The StackOne OAuth2 authorization endpoint is: https://api.stackone.com/connect/oauth2/callback If you were previously testing with the StackOne authorization as your redirect URL, you will need to update your application to use your new redirect page before submitting your application for verification.

StackOne Redirect URL

To configure the StackOne custom redirect URL, you will need to set the redirectUri parameter in the OAuth2 flow to your custom URL:
Entering the redirectUri
In this case, when Google authenticates the user, it will redirect to https://mydomain.com/oauth2/callback with the following query, and then this endpoint will redirect the user back to the StackOne OAuth2 authorization endpoint with the same query parameters.