Configure redirect URIs
Your redirect URI(s) defines where the user lands after successful login or registration. Each redirect URI must be added to your OIDC login client configuration, otherwise an error will be thrown upon user authentication.
To complete this task, we will:
- Get a token to use in configuration calls
- Configure your redirect URI(s)
In this section, you’ll make RESTful API calls to the Identity Cloud using your platform or language of choice. We provide complete sample calls in cURL format.
We recommend using a platform called Postman - a downloadable application for making API calls easily. You can download Postman here.
In this guide, we use your inputs to generate the calls for you in cURL format, which you can import into Postman:
- In Postman, click the Import button in the upper-right corner.
- In the resulting popup, click the Paste Raw Text tab.
- Copy the cURL call we provide into the text box and click the Import button.
- Your call will be populated into a new tab in Postman. You can review the call as it is constructed in Postman, and click the Send button to make the call.
Get an access token
In order to configure your redirect URI(s), you must first obtain an access token to authorize your configuration. To do this, you’ll make a call to the Hosted Login configuration endpoint: /login/token
This call requires Basic Authorization. To create the authorization code for this call, your configuration_client_id and configuration_client_secret must be combined with a colon in between (id:secret) and then base64 encoded.
You can find the Configuration Client ID and Secret in the Identity Cloud Console:
- Click your application in the left column to expand menu
- Click MANAGE APPLICATION
- Find the
configuration_client_idandconfiguration_client_secretsettings under Global Settings in the Custom Settings section
Postman will create the authorization code for you. All you need to do is:
- Import the call below into Postman
- Go to the Authorization tab for this call
- Under Type, select Basic Auth
- Enter your
configuration_client_idas the Username and yourconfiguration_client_secretas the Password
When you Send the call, Postman will generate the Authorization header for you, and this will override the Authorization template from the imported call.
curl -X POST \
https://v1.api.REGION.janrain.com/CUSTOMER_ID/login/token \
-H 'Authorization: Basic AUTHORIZATION CODE' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'grant_type=client_credentials' \
-d 'scope=*:config/**'
The scope in this case will grant your token full read/write access to all Hosted Login configuration endpoints.
Enter the access_token from your call’s response below. We’ll use this in the next step.
1abCde2f3ghI45J6KLmNoPqrstuvWXyZ-A78bcDe_9fg0hij-kL1MNOpQ2R_StU3
Configure your redirect URI(s)
Now that you have an access token, you can use it to make the following Hosted Login configuration calls for adding your redirect URI(s) to your OIDC login client.
Unlike the previous /login/token call, which required Basic Authorization with an ID and secret, these calls require Bearer Token Authorization with the access token you just provisioned. This token lasts one hour - when it expires, you can provision a new one.
Step 1: GET client configuration
Call the /config/clients/<janrainOidcClientId> endpoint with GET method to get your OIDC client configuration. This configuration includes your redirectURIs.
curl -X GET \
https://v1.api.REGION.janrain.com/CUSTOMER_ID/config/clients/OIDC_CLIENT_ID \
-H 'Authorization: Bearer ACCESS_TOKEN'
Step 2: Edit client configuration
Copy the full JSON object from the response and paste it into the text box below. Then add your redirect URI(s) into the redirectURIs array.
NOTE! All non-localhost redirect URIs must be served over HTTPS.
{
"id": "1ab23456-7c8d-90ef-g123-45hij6789012",
"name": "My Public Login Client",
"redirectURIs": [
"http://localhost",
"http://localhost:3000/redirect_uri",
"https://oidc-playground.akamai.com/redirect_uri",
"https://mydomain.com/redirect-url"
],
"loginPolicy": "1ab23c45-6789-0123-d4ef-5g678h90ijk1",
"tokenPolicy": "a123bcde-4f56-7890-gh12-i34j567k8l90",
"type": "public"
}
Tip! The _links object is not configurable and can be safely removed from the JSON for simplicity, as in the example above.
Step 3: PUT client configuration
To publish the updated configuration, call the same endpoint with the PUT method, passing the full, updated JSON object in the body of the call.
curl -X PUT \
https://v1.api.REGION.janrain.com/CUSTOMER_ID/config/clients/OIDC_CLIENT_ID \
-H 'Authorization: Bearer ACCESS_TOKEN' \
-H 'Content-Type: application/json' \
-d 'MY UPDATED CLIENT CONFIGURATION'
- If Postman throws an error when you attempt to import this call, check the
"name"value in your client configuration for apostrophes (example:"name": "Wayne's World Public Login Client"). If there is an apostrophe in the"name"value, remove it before importing the call. Then you can add it back in the Body tab of the call after you’ve imported it. - If you receive the error
Invalid request: redirectURIs are invalidwhen you make this call, this may mean you’ve attempted to add a redirect URI that is served over HTTP instead of HTTPS. Please note that all non-localhost redirect URIs must be served over HTTPS. - If you’re experiencing any other issues and are unable to troubleshoot further, please reach out to your Akamai Representative and we’ll be happy to help.
You’re now ready to integrate Hosted Login with your site or app!