Redirect URLs

​

What are redirect URLs?

When your users click on URLs sent to their emails (e.g. Magic links) or when they are being redirected after successful login with an external identity providers such as Google OAuth, Streambird needs to ensure it is a safe and secure link that you intended to redirect your users to.

By setting up and creating a Redirect URLs in our Console Dashboard, you will ensure that only URLs you whitelisted can be used when you initiate any authentication requests.

Each redirect URL will have a type that specifies under which event it will be used.

When a redirect URL is set to default, it will be used by any authentication requests without a specified login_redirect_url or registration_redirect_url.

​

Where are redirect URLs used

Redirect URLs are currently being used during magic links and OAuth authentication methods where you can specify the registration, login, and invite redirect URLs when you create and initiate authentication requests for your users.

​

Wildcard redirect URLs (beta)

To support multi-tenant or multi-service applications that might have different subdomains but might not know ahead of time the exact subdomain to be used, Streambird allows wildcard subdomain whitelisting.

For example, if you intend to create a wildcard redirect URL for any subdomain under xyz.com, you can create a redirect URL https://*.xyz.com/login/verify. This will allow any subdomain of xyz.com like https://custom.xyz.com to be considered a valid redirect URL when initiating authentication requests.

We do perform exact match for path validation so in the case of https://*.xyz.com/login/verify, we will only allow URLs such as https://custom.xyz.com/login/verify since the path /login/verify matches exactly the path of the wildcard redirect URL created in the Dashboard.