Redirect URIs are a critical component of the OAuth 2 and OpenID Connect authorization flows. After authorization, Authorization server will redirect user to a registered
redirect_uri included in authorization request.
You must register one or more redirect URIs if client's grant type either one of these,
- Authorization code (or authorization code with PKCE)
- Hybrid (Authorization code + Implicit)
Redirect URI Values
|Value type||URL/URI scheme||Description||Example|
|HTTP URLs||HTTP/HTTPS callback URL for the web app or single page application. URL can be a domain (public/private) or IP address. |
|Custom URI scheme||A URI scheme to associate with the native mobile or desktop apps. MUST be a URI scheme based on a domain name under their control, expressed in reverse order. |
Format: For domain
|Loopback IP address||Native desktop apps that are able to open a port on the loopback network interface without needing special permissions can use the loopback interface to receive the OAuth redirect. |
localhost or local IP
127.0.0.1 for local development, make sure URI scheme is
http://localhost:3000/callback and not
https scheme browser may raise certificate validation error.
Validation of URI
When making an authorization request,
redirect_uri parameter included in request should match with one of the URI in the client's registered URI list. Otherwise authorization server will raise an error.
Manage Redirect URIs
Clients and find the client you want to configure. Click
Redirect URIs panel, click
Add to register one or more URIs and click
Redirect URI should not include fragment or query string parameter.