Redirect URI

A redirect URI is the endpoint to which Scalekit redirects users after they authenticate with the identity provider (IdP). In the Scalekit dashboard, you can configure up to 5 redirect URIs per environment.

Since redirect URIs can be manipulated by unauthorized parties, Scalekit requires pre-registration of all redirect URIs used in login flows. Registration can be done in the Scalekit dashboard.

Info: IdP-initiated SAML SSO flow: Scalekit uses your configured default redirect URI to redirect users. Learn more about handling IdP-initiated SSO flows.

Validation rules

Redirect URIs that are configured in the Scalekit dashboard must adhere to specific validation rules for security:

| Validation rule | Development environment | Production environment |
|---|---|---|
| Schemes supported | http, https | https |
| localhost | Allowed | Not allowed |
| Wildcard support (*) | Allowed (see below for full details about wildcard character support) | Not allowed |
| Max URI length | 256 characters | 256 characters |
| Query parameters (https://your-domain.com/callback?query=value) | Not allowed | Not allowed |
| Fragment component (https://your-domain.com/callback#fragment=value) | Not allowed | Not allowed |

Wildcard character (*) in redirect URIs

According to the OAuth 2.0 specification (section 3.1.2 of RFC 6749), a redirection URI must be an absolute URI. To make development and testing easier, this restriction is slightly relaxed in development environments.

For development, wildcards can simplify testing. However, they must follow these rules:

| Validation rule | Example |
|---|---|
| Wildcard characters are not allowed as a root-level domain | Invalid: https://*.com. Valid: https://*.acmecorp.com, https://auth-*.acmecorp.com |
| A redirect URI can have only one wildcard character | Invalid: https://*.*.acmecorp.com. Valid: https://*.acmecorp.com |
| Wildcard character must be located in a subdomain within the hostname component | Invalid: https://acmecorp.*.com. Valid: https://*.acmecorp.com |
| Wildcard must be part of the subdomain that is farthest from the hostname component | Invalid: https://auth.*.acmecorp.com. Valid: https://*.auth.acmecorp.com |