Configure initiate login endpoint
Set up a login endpoint that Scalekit redirects to when users access your application through indirect entry points
In certain scenarios, Scalekit redirects users to your application’s login endpoint using OIDC third-party initiated login. Your application must implement this endpoint to construct the authorization URL and redirect users to Scalekit’s authentication flow.
Scalekit redirects to your login endpoint in these (example) scenarios:
-
Bookmarked login page: Users bookmark your login page and visit it later. When they access the bookmarked URL, Scalekit redirects them to your application’s login endpoint because the original authentication transaction has expired.
-
Password reset completion: After users complete a password reset, Scalekit redirects them to your login endpoint. Users can then sign in with their new password.
-
Email verification completion: After users verify their email address during signup, Scalekit redirects them to your login endpoint to complete authentication.
-
Organization invitations: When users click an invitation link to join an organization, Scalekit redirects them to your login endpoint with invitation parameters. Your application must forward these parameters to Scalekit’s authorization endpoint.
-
Disabled cookies: If users navigate to Scalekit’s authorization endpoint with cookies disabled, Scalekit redirects them to your login endpoint.
Configure the initiate login endpoint
Section titled “Configure the initiate login endpoint”Register your login endpoint in the Scalekit dashboard.
Go to Dashboard > Authentication > Redirect URLs > Initiate Login URL and add your endpoint.
The endpoint must:
- Use HTTPS (required in production)
- Not point to localhost (production only)
- Accept query parameters that Scalekit appends
Implement the login endpoint
Section titled “Implement the login endpoint”Create a /login endpoint that constructs the authorization URL and redirects users to Scalekit.
// Handle indirect auth entry pointsapp.get('/login', (req, res) => { const redirectUri = 'http://localhost:3000/auth/callback'; const options = { scopes: ['openid', 'profile', 'email', 'offline_access'] };
const authorizationUrl = scalekit.getAuthorizationUrl(redirectUri, options); res.redirect(authorizationUrl);});3 collapsed lines
from flask import redirectfrom scalekit import AuthorizationUrlOptions
# Handle indirect auth entry points@app.route('/login')def login(): redirect_uri = 'http://localhost:3000/auth/callback' options = AuthorizationUrlOptions( scopes=['openid', 'profile', 'email', 'offline_access'] )
authorization_url = scalekit_client.get_authorization_url(redirect_uri, options) return redirect(authorization_url)// Handle indirect auth entry pointsr.GET("/login", func(c *gin.Context) { redirectUri := "http://localhost:3000/auth/callback" options := scalekitClient.AuthorizationUrlOptions{ Scopes: []string{"openid", "profile", "email", "offline_access"} }
authorizationUrl, _ := scalekitClient.GetAuthorizationUrl(redirectUri, options) c.Redirect(http.StatusFound, authorizationUrl.String())})4 collapsed lines
import org.springframework.web.bind.annotation.GetMapping;import org.springframework.web.bind.annotation.RestController;import java.net.URL;
// Handle indirect auth entry points@GetMapping("/login")public String login() { String redirectUri = "http://localhost:3000/auth/callback"; AuthorizationUrlOptions options = new AuthorizationUrlOptions(); options.setScopes(Arrays.asList("openid", "profile", "email", "offline_access"));
URL authorizationUrl = scalekitClient.authentication().getAuthorizationUrl(redirectUri, options); return "redirect:" + authorizationUrl.toString();}