Authenticate Callback Path
Summary
Authenticate Callback Path sets the path where the Authenticate Service receives callback responses from your identity provider. The value must exactly match one of the authorized redirect URIs for the OAuth 2.0 client.
This value is referred to as the redirect_uri
in the OpenIDConnect and OAuth2 specs.
See Google - Setting Redirect URI for more information.
Pomerium uses the Hosted Authenticate Service by default.
If you want to run Pomerium with a self-hosted authenticate service, you must include an identity provider and authenticate service URL in your configuration.
See Self-Hosted Authenticate Service for more information.
How to configure
- Core
- Enterprise
- Kubernetes
Config file keys | Environment variables | Type | Usage | Default |
---|---|---|---|---|
authenticate_callback_path | AUTHENTICATE_CALLBACK_PATH | string | optional | /oauth2/callback |
authenticate_callback_path
is a bootstrap configuration setting and is not configurable in the Console.
Name | Type | Usage | Default |
---|---|---|---|
authenticate.callbackPath | string | optional | /oauth2/callback |
See the Kubernetes Deployment Reference for more information.
Examples
# config file key
authenticate_callback_path: "/custom/callback"
# environment variable
AUTHENTICATE_CALLBACK_PATH=/custom/callback
# ingress
authenticate.callbackPath: /custom/callback