Why Don't My Users See the "Back to App" Button in Their User Profiles?

ImportantIdentity Cloud's 2FA feature is currently in Limited Availability. Please contact your Akamai representative as usage of 2FA features must be approved during Limited Availability.


In Hosted Login v2, it’s possible to add a Back to App button to a user’s user profile:


If the user clicks this button, they’ll exit their user profile page and be redirected to a page of your choosing. (Which page of your choosing? As you might expect, that’s entirely your choice.)


This a big improvement over Hosted Login v1, which has no Back to App button: the only way for users to exit the user profile is to use their browser’s Back button or to enter a new URL in the address bar.


So, yes, the Back to App button is a much-welcomed new feature. Then why don’t your users see this button when they open their user profiles:



Why didn’t these users get a Back to App button? Most likely that’s due to one (or both) of the following:


  • The user isn’t running under Hosted Login v2.
  • You didn’t include the redirect_uri parameter in your link for opening the user profile.

Let’s take a look at the v2 issue first. The Back to App button is only available in Hosted Login v2; if you’re using a Hosted Login v1 client their you won’t see the Back to App button: Hosted Login v1 doesn’t support this feature. So how do you know which version of Hosted Login a user is running under? Well, the Hosted Login version you’re using is determined by the OpenID Connect login client you authenticated with (or, more correctly, by the login policy associated with that client). Want to know if a user is running Hosted Login v1 or v2? Then do this:


  1. Check the authentication request to determine the login client the user used when logging on

  2. https://v1.api.us.janrain.com/00000000-0000-0000-0000-000000000000/login/authorize?
        client_id=55c9604-x457-464f-bgf5-83hj229ju5rf
        &redirect_uri=https://documentation.akamai.com
        &scope=openid profile email
        &response_type=code
        &state=3bd5262737237ef4a
        &code_challenge= RTg4QjMyRUJCNzdBRTQ1MkM2NTAzRTVDOEQ5OTg3QjIwMjVBNTcxQTU5RTJFNDYwMzJBQjYx
        RkM4NjQ0QzdBNw
        &code_challenge_method=S256
    
    
  3. Use the value of the client_id parameter and the /{customerId}/config/clients/{oidcClientId} endpoint to determine the login policy associated with the OIDC client:

    {
        "id": "55c9604-x457-464f-bgf5-83hj229ju5rf ",
        "name": "Akamai Documentation Login Client",
        "redirectURIs": ["https://localhost"],
        "loginPolicy": "b8097975-93c7-46db-8cfe-19609e67eadb",
        "tokenPolicy": "2dcae965-0d56-4961-a98e-f98583e30bb9",
        "type": "public",
        "_links": {
            "self": {
                "href": "/01000000-0000-3000-9000-000000000000/config/clients/
    55c9604-x457-464f-bgf5-83hj229ju5rf "
            }
        }
    }
    
    
  4. Use the value of the loginPolicy property and the /{customerId}/config/policies/{loginPolicyId} endpoint and check the value of the policy’s loginURL property:

    {
        "id": "b8097975-93c7-46db-8cfe-19609e67eadb",
        "identityStoreDetails": {
           "type": "janrainCapture",
           "connectionDetails": {
                "domain": "us-dev.janraincapture.com",
                "applicationId": "ces7u7uwwudrxtz933jvbehzne",
                "entityType": "user",
                "clientId": "6s54fhenv535ek49hkz6hjsh3jgs93ud",
                "clientSecret": "ku5hd43uswtnk8aszxdvuafumlk84gd4nw"
            }
        },
        "loginURL": "https://v1.api.us.janrain.com/e0a70b4f-1eef-4856-bcdb-f050fee66aae/auth-ui/login",
       "title": "SE gstemp@akamai.com Dev Login Policy",
      "_links": {
           "self": {
                "href": "/config/e0a70b4f-1eef-4856-bcdb-f050fee66aae/loginPolicies/
    b8097975-93c7-46db-8cfe-19609e67eadb"
            }
        }
    }

In the preceding example, we know that the login policy isn’t configured for Hosted Login v2. How do we know that? Well, the loginURL property looks like this:


"loginURL": "https://v1.api.us.janrain.com/e0a70b4f-1eef-4856-bcdb-f050fee66aae/auth-ui/login"


That’s a v1 login URL. If it wasn’t, we’d see the v2 version number in the URL, sandwiched between auth-uiand login:


"loginURL": "https://v1.api.us.janrain.com/e0a70b4f-1eef-4856-bcdb-f050fee66aae/auth-ui/v2/login"


Which means that, if we want users of this particular OIDC login client to see the Back to App button, we need to do one of the following:


Of course, it’s possible that you are using Hosted Login v2 and yet users still don’t see the Back to Appbutton. That’s probably because you didn’t include the redirect_uri in the link those users employ to access their user profile. For example, suppose you as users to click the following link whenever they want to access their user profile:


https://v1.api.us.janrain.com/e0a70b4f-1eef-4856-bcdb-f050fee66aae/auth-ui/profile
     ?client_id=64430515-01ea-4f5d-82e4-c36161af0093


Those users will not see the Back to App button. To get the button to appear, you need to add the redirect_uri parameter followed by the URL of the page you want users to be redirected to when they click the Back to App button. For example:


https://v1.api.us.janrain.com/e0a70b4f-1eef-4856-bcdb-f050fee66aae/auth-ui/profile
     ?client_id=64430515-01ea-4f5d-82e4-c36161af0093
     &redirect_uri=https://identitydocs.akamai.com


If the user clicks this modified link, they’ll:


  1. See the Back to App button in their user profile.
  2. Be redirected to https://identitydocs.akamai.com if they click that button.


Problem solved.

More Troubleshooting Questions