Set callback and redirect URLsLink to this section
For authentication to work, you need to add callback URLs into your app.
- An Allowed callback URL (also known as a redirect URI) is the web address where a user is sent after they authenticate.
- An Allowed logout redirect URL is where they go when they sign out - sometimes these are the same as the allowed callback URLs.
Set callback URLsLink to this section
- In Kinde, go to Settings > Applications.
- View the details of an application.
- In the Allowed callback URLs section, enter a callback URL. For example
- In the Allowed logout redirect URLs field, enter a redirect URL. For example, enter your website address or the URL for a custom logout screen. Make sure you also register the redirect URL in your application settings.
Wildcards not accepted (for now)Link to this section
Currently wildcards can’t be used in callback URLs.
As an immediate solution, we are extending our Kinde management API to allow management of callbacks in a graceful manner. This means if you are deploying code to a dynamically generated subdomain - using a tool like Vercel - you can add the subdomains as callback URLs.
Meanwhile, we are looking into an approach of securely handling wildcards.
Distinguishing callback activity as sign in or sign upLink to this section
Kinde does not currently provide the ability to distinguish between a sign in and new registration, when the user lands on the callback URL.
We recommend that you map the Kinde user IDs to your internal users. Then when the token from Kinde gets verified,
- if the user doesn’t exist: continues with sign up flow
- if the user does exist: continues with sign in flow
We don’t include this information in the token because it’s possible to create a user via an API, or in the admin UI (via custom import).Connect to Kinde