Redirects
Learn how to work with redirects
Set up a redirect
When using AuthN, you will need to provide a redirect URL for certain endpoints. Redirect URLs are used to hand off users from the Pangea-hosted AuthN pages back to your app. When an application wishes to start a flow, it redirects to a hosted login page, passing a callback redirect URL as a parameter. The AuthN service validates the URL passed into the endpoint against the list of acceptable redirect URLs you configured in the Redirect Settings page, and when the flow is completed the hosted page redirects back to that URL.
- If the URL matches one on the list, the AuthN flow will succeed (the Pangea Console allows you to configure one or more redirect URLs)
- If the redirect URL is not on the list, the AuthN flow will fail
If an attacker could redirect users back to a page they control after a login flow, they could capture your users' tokens; this is why only URLs on the configured list are accepted.
Redirect URLs accept exact matches, or the asterisk can be used as a wildcard. For example, after a user logs in via the hosted AuthN pages, you may want that user to land on a customized dashboard with a URL similar to:
https://theoffice.work/<location>/dashboard
In this scenario, <location> is a variable depending on how the user logs in. If you only have three locations - scranton, sandiego, and paloalto - you could provide three exact match URLs. However, this would be impractical, especially if you expect the list of locations to grow or change. To ensure that this will work no matter the location, you can configure your redirect URL like so:
https://theoffice.work/*/dashboard
Using the wildcard will allow you to match against any values between the slashes.
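As an added illustration of how an allowlist check with exact and wildcard entries behaves (this is example code, not Pangea's implementation), the helper below matches a callback URL against a constructed allowlist. It assumes, following the "between the slashes" description above, that an asterisk stands for exactly one non-empty path segment and never spans a slash or reaches the host.

```python
import re

# Constructed allowlist mirroring the page's example. In practice the list
# is whatever you configured under Redirect Settings in the Pangea Console.
ALLOWED_REDIRECTS = [
    "https://theoffice.work/*/dashboard",
    "https://theoffice.work/login/callback",
]


def _pattern_to_regex(pattern: str) -> "re.Pattern[str]":
    """Compile an allowlist entry into an anchored regular expression.

    Assumption: '*' matches exactly one path segment, i.e. one or more
    characters that are not '/'. Everything else is matched literally, so
    '.' in the host cannot act as a regex wildcard.
    """
    literal_parts = [re.escape(part) for part in pattern.split("*")]
    return re.compile("^" + "[^/]+".join(literal_parts) + "$")


def is_allowed_redirect(url: str, allowlist=ALLOWED_REDIRECTS) -> bool:
    """Return True only if the full URL matches an allowlist entry.

    The match is anchored at both ends, so a lookalike host such as
    theoffice.work.attacker.example, a different scheme, or trailing
    data appended after the expected path all fail.
    """
    return any(_pattern_to_regex(entry).fullmatch(url) for entry in allowlist)


if __name__ == "__main__":
    # Constructed callback URLs: the first three should be accepted,
    # the rest rejected.
    for candidate in [
        "https://theoffice.work/scranton/dashboard",
        "https://theoffice.work/paloalto/dashboard",
        "https://theoffice.work/login/callback",
        "https://theoffice.work.attacker.example/scranton/dashboard",
        "https://theoffice.work/scranton/extra/dashboard",
        "http://theoffice.work/scranton/dashboard",
        "https://theoffice.work/scranton/dashboard.attacker.example",
    ]:
        print(f"{candidate} -> {is_allowed_redirect(candidate)}")
```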
To set a redirect:
- In the Pangea User Console, click General on the left-hand navigation menu.
- Click Redirect Settings.
- Click + Redirect. A dialog will appear asking you to enter a redirect URL.
- Type the URL and click Save.
Delete a redirect
To delete a redirect:
- In the Pangea Console, go to Redirects on the left-hand navigation menu.
- Click the minus (-) button beside the redirect URL.
- The redirect is deleted.