Skip to main content

Authenticate Callback Path

Summary

Authenticate Callback Path sets the path where the Authenticate Service receives callback responses from your identity provider. The value must exactly match one of the authorized redirect URIs for the OAuth 2.0 client.

This value is referred to as the redirect_uri in the OpenIDConnect and OAuth2 specs.

See Google - Setting Redirect URI for more information.

Note:

Pomerium uses the Hosted Authenticate Service by default.

If you want to run Pomerium with a self-hosted authenticate service, you must include an identity provider and authenticate service URL in your configuration.

See Self-Hosted Authenticate Service for more information.

How to configure

Config file keysEnvironment variablesTypeUsageDefault
authenticate_callback_pathAUTHENTICATE_CALLBACK_PATHstringoptional/oauth2/callback

Examples

# config file key
authenticate_callback_path: "/custom/callback"

# environment variable
AUTHENTICATE_CALLBACK_PATH=/custom/callback

# ingress
authenticate.callbackPath: /custom/callback