Configure redirect URIs

Your redirect URI(s) defines where the user lands after successful login or registration. Each redirect URI must be added to your OIDC login client configuration, otherwise an error will be thrown upon user authentication.

To complete this task, we will:

  1. Get a token to use in configuration calls
  2. Configure your redirect URI(s)

In this section, you’ll make RESTful API calls to the Identity Cloud using your platform or language of choice. We provide complete sample calls in cURL format.

New to making API calls?

Get an access token

In order to configure your redirect URI(s), you must first obtain an access token to authorize your configuration. To do this, you’ll make a call to the Hosted Login configuration endpoint: /login/token

This call requires Basic Authorization. To create the authorization code for this call, your configuration_client_id and configuration_client_secret must be combined with a colon in between (id:secret) and then base64 encoded.

Find my configuration client id and secret
How to create the authorization code in Postman
curl -X POST \ \
	-H 'Authorization: Basic AUTHORIZATION CODE' \
	-H 'Content-Type: application/x-www-form-urlencoded' \
	-d 'grant_type=client_credentials' \
	-d 'scope=*:config/**'

The scope in this case will grant your token full read/write access to all Hosted Login configuration endpoints.

Enter the access_token from your call’s response below. We’ll use this in the next step.

See example of an access token

Configure your redirect URI(s)

Now that you have an access token, you can use it to make the following Hosted Login configuration calls for adding your redirect URI(s) to your OIDC login client.

Unlike the previous /login/token call, which required Basic Authorization with an ID and secret, these calls require Bearer Token Authorization with the access token you just provisioned. This token lasts one hour - when it expires, you can provision a new one.

Step 1: GET client configuration

Call the /config/clients/<janrainOidcClientId> endpoint with GET method to get your OIDC client configuration. This configuration includes your redirectURIs.

curl -X GET \ \
	-H 'Authorization: Bearer ACCESS_TOKEN'

Step 2: Edit client configuration

Copy the full JSON object from the response and paste it into the text box below. Then add your redirect URI(s) into the redirectURIs array.

NOTE! All non-localhost redirect URIs must be served over HTTPS.

See example of an updated client configuration

Tip! The _links object is not configurable and can be safely removed from the JSON for simplicity, as in the example above.

Step 3: PUT client configuration

To publish the updated configuration, call the same endpoint with the PUT method, passing the full, updated JSON object in the body of the call.

curl -X PUT \ \
	-H 'Authorization: Bearer ACCESS_TOKEN' \
	-H 'Content-Type: application/json' \
Troubleshooting Tips

You’re now ready to integrate Hosted Login with your site or app!