Authenticate Callback Path
Summary
Authenticate Callback Path sets the path where the Authenticate Service receives callback responses from your identity provider. The value must exactly match one of the authorized redirect URIs for the OAuth 2.0 client.
This value is referred to as the redirect_uri in the OpenIDConnect and OAuth2 specs.
See Google - Setting Redirect URI for more information.
Pomerium uses the Hosted Authenticate Service by default.
If you want to run Pomerium with a self-hosted authenticate service, you must include an identity provider and authenticate service URL in your configuration.
See Self-Hosted Authenticate Service for more information.
How to configure
- Core
- Enterprise
- Kubernetes
| Config file keys | Environment variables | Type | Usage | Default |
|---|---|---|---|---|
authenticate_callback_path | AUTHENTICATE_CALLBACK_PATH | string | optional | /oauth2/callback |
Examples
authenticate_callback_path: '/custom/callback'
AUTHENTICATE_CALLBACK_PATH=/custom/callback
authenticate_callback_path is a bootstrap configuration setting and is not configurable in the Console.
| Parameter name | Type | Usage | Default |
|---|---|---|---|
authenticate.callbackPath | string | optional | /oauth2/callback |
Examples
authenticate:
callbackPath: /custom/callback