My production deployment URL is not properly getting redirected in Google OAuth
# Description
OAuth SSL Certificate Issue Summary for Replit Support
Problem: Google OAuth authentication fails in production due to SSL certificate mismatch on Replit’s OAuth routing infrastructure.
Technical Details:

Expected Behavior:
- Production app: https://relationship-intelligence-xyz.replit.app
- OAuth should complete on the same domain with a valid SSL certificate

Actual Behavior:
- OAuth requests automatically redirect to: https://workspace.xyz.replit.app
- This workspace subdomain has an invalid SSL certificate, causing a “Your connection is not private” error
- Browser blocks the OAuth flow due to SSL certificate name mismatch

Environment:
- Production Domain: relationship-intelligence-samisqscore.replit.app
- Problematic Redirect: workspace.xyz.replit.app
- OAuth Provider: Google OAuth 2.0
- App Framework: Node.js/Express with Passport.js

Specific Error:
- Error 400: redirect_uri_mismatch
- Request details: redirect_uri=https://workspace.xyz.replit.app/api/auth/google/callback
- SSL Error: NET_ERR_CERT_COMMON_NAME_INVALID

Root Cause:
Replit’s deployment infrastructure automatically routes OAuth callbacks through the workspace.xyz.replit.app subdomain, but this subdomain doesn’t have a valid SSL certificate matching its name. Also, this URL is not actually my production URL. How will the generic workspace subdomain work without any actual identifier for the correct project?

Right now I am stuck with a working module in development but cannot show the same to interested parties in production.

Has anyone faced this issue, or is there any other solution/workaround you would suggest? (Please note I have added the workspace.xyz.replit.app URL also into my Google OAuth URL redirect
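
An added example, not part of the original post and not Replit's or Passport's own code: a way to see which `redirect_uri` an Express app would send when the callback URL is derived from request headers, next to one pinned to a configured origin, and to check either against the registered list. It assumes the callback is built from the `Host` or forwarded headers; the helper names and the registered list are hypothetical, and the hostnames and callback path are the ones quoted in the post.

```javascript
// Added example (not from the original post). Helper names are hypothetical;
// hostnames and the callback path are the ones quoted in the post.
const CALLBACK_PATH = '/api/auth/google/callback';

// Simplified model of a callback URL derived per request: whatever host the
// proxy forwarded ends up in redirect_uri.
function callbackFromRequest(headers, trustProxy) {
  const fwdHost = trustProxy ? headers['x-forwarded-host'] : undefined;
  const fwdProto = trustProxy ? headers['x-forwarded-proto'] : undefined;
  const host = (fwdHost || headers.host || '').split(',')[0].trim();
  const proto = (fwdProto || 'http').split(',')[0].trim();
  return `${proto}://${host}${CALLBACK_PATH}`;
}

// Pinned alternative: one configured origin, validated once at startup.
function callbackFromConfig(publicOrigin) {
  const u = new URL(publicOrigin);
  if (u.protocol !== 'https:') throw new Error('callback origin must use https');
  if (u.pathname !== '/' || u.search || u.hash || u.username || u.password) {
    throw new Error('expected a bare origin, got: ' + publicOrigin);
  }
  return u.origin + CALLBACK_PATH;
}

// Google compares redirect_uri with the registered URIs as an exact string.
function checkRedirectUri(redirectUri, registered) {
  if (registered.includes(redirectUri)) return { ok: true, reason: 'exact match' };
  const norm = (s) => s.replace(/\/$/, '').toLowerCase();
  const near = registered.find((r) => norm(r) === norm(redirectUri));
  if (near) return { ok: false, reason: 'near miss (case or trailing slash): ' + near };
  const sameHost = registered.some((r) => new URL(r).host === new URL(redirectUri).host);
  return { ok: false, reason: sameHost ? 'host registered, scheme or path differs' : 'host not registered' };
}

// Constructed sample data: one registered URI and headers as a proxy might set them.
const registered = ['https://relationship-intelligence-xyz.replit.app/api/auth/google/callback'];
const proxiedHeaders = {
  host: '127.0.0.1:5000',
  'x-forwarded-host': 'workspace.xyz.replit.app',
  'x-forwarded-proto': 'https',
};

const derived = callbackFromRequest(proxiedHeaders, true);
const pinned = callbackFromConfig('https://relationship-intelligence-xyz.replit.app');
console.log(derived, checkRedirectUri(derived, registered));
console.log(pinned, checkRedirectUri(pinned, registered));
```

The value that reaches Google is the one in the `redirect_uri` query parameter of the authorization request, so comparing that string character for character with the entries in the OAuth client configuration is the quickest way to find a near miss.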