-
Notifications
You must be signed in to change notification settings - Fork 939
config properties third_party
v1.2.1
object
(third_party)
Property | Type | Required | Nullable | Defined by |
---|---|---|---|---|
providers | object |
Optional | cannot be null | Config |
redirect_url | string |
Optional | cannot be null | Config |
error_redirect_url | string |
Optional | cannot be null | Config |
default_redirect_url | string |
Optional | cannot be null | Config |
allowed_redirect_urls | array |
Optional | cannot be null | Config |
providers
contains the configurations for the available OAuth/OIDC identity providers.
providers
-
is optional
-
cannot be null
object
(providers)
redirect_url
is the URL the third party provider redirects to with an authorization code. Must consist of the base URL
of your running Hanko backend instance and the callback
endpoint of the API,
i.e. {YOUR_BACKEND_INSTANCE}/thirdparty/callback.
Required if any of the providers
are enabled
.
redirect_url
-
is optional
-
cannot be null
string
https://yourinstance.com/thirdparty/callback
error_redirect_url
is the URL the backend redirects to if an error occurs during third party sign-in.
Errors are provided as 'error' and 'error_description' query params in the redirect location URL.
When using the Hanko web components it should be the URL of the page that embeds the web component such that errors can be processed properly by the web component.
You do not have to add this URL to the 'allowed_redirect_urls', it is automatically included when validating redirect URLs.
Required if any of the providers
are enabled
. Must not have trailing slash.
error_redirect_url
-
is optional
-
cannot be null
string
default_redirect_url
is the URL the backend redirects to after it successfully verified
the response from any third party provider.
Must not have trailing slash.
default_redirect_url
-
is optional
-
cannot be null
string
allowed_redirect_urls
is a list of URLs the backend is allowed to redirect to after third party sign-in was
successful.
Supports wildcard matching through globbing. e.g. https://*.example.com
will allow https://foo.example.com
and https://bar.example.com
to be accepted.
Globbing is also supported for paths, e.g. https://foo.example.com/*
will match https://foo.example.com/page1
and https://foo.example.com/page2
.
A double asterisk (**
) acts as a "super"-wildcard/match-all.
See here for more on globbing.
Must not be empty if any of the providers
are enabled
. URLs in the list must not have a trailing slash.
allowed_redirect_urls
-
is optional
-
cannot be null
string[]