What are redirect URLs?
When your users click on URLs sent to their emails (e.g. Magic links) or when they are being redirected after successful login with an external identity providers such as Google OAuth, Streambird needs to ensure it is a safe and secure link that you intended to redirect your users to.
By setting up and creating a Redirect URLs in our Console Dashboard, you will ensure that only URLs you whitelisted can be used when you initiate any authentication requests.
redirect URL will have a type that specifies under which event it will be used.
|Used when a user is first created on Streambird.|
|Used when an existing user is trying to log in and authenticate our API.|
|Used when an invite request is created.|
When a redirect URL is set to
default, it will be used by any authentication requests without a specified
Where are redirect URLs used
Redirect URLs are currently being used during
magic links and
OAuth authentication methods where you can specify the
invite redirect URLs when you create and initiate authentication requests for your users.
Wildcard redirect URLs (beta)
To support multi-tenant or multi-service applications that might have different subdomains but might not know ahead of time the exact subdomain to be used, Streambird allows wildcard subdomain whitelisting.
For example, if you intend to create a wildcard redirect URL for any subdomain under
xyz.com, you can create a redirect URL
https://*.xyz.com/login/verify. This will allow any subdomain of
https://custom.xyz.com to be considered a valid redirect URL when initiating authentication requests.
We do perform exact match for path validation so in the case of
https://*.xyz.com/login/verify, we will only allow URLs such as
https://custom.xyz.com/login/verify since the path
/login/verify matches exactly the path of the wildcard redirect URL created in the Dashboard.
Wildcard redirect url cannot be set to
default since Streambird uses the default redirect URL when no specific redirect url is sent in for any authentication requests.