I have a next.js project using next-auth that I am deploying with Vercel. I am using Google as an OAuth provider and have set it up for localhost and production environments, however Vercel also has their "preview" environments where it assigns a preview build to a subdomain that includes the commit hash. Is it possible to set up some sort of wildcard or something for the redirect URI and allowed origins so auth works in the preview environment as well? Or would it be better just to have a flag that turns it off entirely in this environment?
You can't set a redirect URI with wildcard, at least not in Google console. This could be possible if Google allowed you to use Pushed Authorization Requests, but as far as I know, they don't support it.
One thing which you could do, but which adds a bit of a complexity, is to set up an authorization server, which would use Google to log users in. The server could be always on the same domain, and the vercel app could call it, regardless of the url where it's currently deployed.