Redirect URIs

Registered URIs

Redirect URIs are a critical component of the OAuth 2 and OpenID Connect authorization flows. After authorization, Authorization server will redirect user to a registered redirect_uri included in authorization request.

You must register one or more redirect URIs if client's grant type either one of these,

  • Authorization code (or authorization code with PKCE)
  • Implicit
  • Hybrid (Authorization code + Implicit)

Redirect URI Values

Value typeURL/URI schemeDescriptionExample
HTTP URLshttp or httpsHTTP/HTTPS callback URL for the web app or single page application. URL can be a domain (public/private) or IP address.

Format: https://{domain}/{callback_path}

http://{domain}/{callback_path}

http://{IP}/{callback_path}		https://mydom d dain.com/callback

http://yourdomain.io/callback
Custom URI schemeA URI scheme to associate with the native mobile or desktop apps. MUST be a URI scheme based on a domain name under their control, expressed in reverse order.

Format: For domain app.example.com URI scheme can be com.example.app://callback_path		io.axioms.us.control.app://callback

com.facebook.app://oauth2/callback
Loopback IP addresshttpNative desktop apps that are able to open a port on the loopback network interface without needing special permissions can use the loopback interface to receive the OAuth redirect.

Format: http://127.0.0.1:{port}/{callback_path}		http://127.0.0.1:8000/callback

http://127.0.0.1:51004/oauth2/callback
important

When using localhost or local IP 127.0.0.1 for local development, make sure URI scheme is http i.e. http://localhost:3000/callback and not https://localhost:3000/callback. With https scheme browser may raise certificate validation error.

Validation of URI

When making an authorization request, redirect_uri parameter included in request should match with one of the URI in the client's registered URI list. Otherwise authorization server will raise an error.

GET /oauth2/authorize?
response_type=id_token token
&client_id=Sbje6L02ptXXKpQ5LLWR7OPvsJDiJnTC
&redirect_uri=https://app.test-unlimited.com/callback
&scope=openid profile email
&state=y87fdsad7hkadshasdhasad
&nonce=n-0S6_WzA2Mj HTTP/1.1
Host: auth.test-unlimited.com
explain this code snippet

Manage Redirect URIs

Navigate to Clients and find the client you want to configure. Click edit. Under Redirect URIs panel, click Add to register one or more URIs and click Update Details.

Manage Redirect URIs
Manage Redirect URIs
important

Redirect URI should not include fragment or query string parameter.