Redirects
Control where users are sent after sign-in, sign-out, email verification, password reset, and Admin Portal operations.
Redirects control where your users end up after completing authentication flows. When someone signs in, signs out, resets their password, or finishes an Admin Portal setup step, Banata Auth checks your redirect configuration and sends them to the right place.
You manage all redirect settings from the dashboard — no code changes required.
Application Redirects
These settings govern the core authentication experience for your end users.
| Setting | Description | Multi-value |
|---|---|---|
| Redirect URIs | Where users are sent after signing in. Add one URI per client or environment (e.g., production, staging). | Yes |
| App Homepage URL | A link to your app's homepage. Shown on AuthKit pages and in transactional emails. | No |
| Sign-in Endpoint | An endpoint in your app that kicks off the authorization flow (redirects to the authorize endpoint). | No |
| Sign-out Redirects | Where users land after signing out. You can configure multiple URIs if you have more than one client. | Yes |
| External Sign-up URI | An optional URL to an external page where new users can create an account. | No |
| User Invitation URL | The page users are taken to when they click a link in an invitation email. | No |
| Password Reset URL | The page users are taken to when they click a link in a password-reset email. | No |
Admin Portal Redirects
These settings control where organization admins are sent after completing setup tasks in the Admin Portal.
| Setting | Description |
|---|---|
| Logo URI | URL of the logo displayed inside the Admin Portal. |
| SSO Success URI | Where to redirect after SSO configuration completes successfully. |
| Directory Sync Success URI | Where to redirect after Directory Sync setup completes successfully. |
| Log Streams Success URI | Where to redirect after Log Streams configuration completes successfully. |
| Domain Verification Success URI | Where to redirect after domain verification completes successfully. |
Managing Redirects in the Dashboard
Open the Redirects page from the dashboard sidebar. Every redirect setting is displayed as its own card.
Single-Value Settings
- Click Edit on the card you want to change.
- Enter the URL in the inline input field.
- Press Enter to save, or Escape to cancel.
Your change is persisted immediately.
Multi-Value Settings
Redirect URIs and Sign-out Redirects support multiple URLs:
- Each existing URI is shown as a code block with edit and delete controls.
- Click the pencil icon to edit an existing URI inline.
- Click the X icon to remove a URI.
- Click Add to append a new URI.
Each addition, edit, or deletion is saved immediately.
Admin Portal Settings
- Click Edit Admin Portal redirects to unlock all five Admin Portal fields at once.
- Update the values you need.
- Click Save to persist your changes, or Cancel to discard them.
Validation Rules
Keep these rules in mind when entering redirect URLs:
- Use HTTPS in production. HTTP is fine during local development, but production redirect URIs must use HTTPS.
- Use absolute URLs. Every redirect URI must be a fully-qualified URL (e.g., `https://myapp.com/callback`, not `/callback`).
- Exact match only. The URL your client requests must match a configured redirect URI character-for-character, including trailing slashes.
- Match your OAuth providers. If you use social login, make sure the redirect URIs you configure here match what you have registered with each OAuth provider.
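The rules above can be checked before a URI is entered in the dashboard. The following is an added example, not Banata Auth's own code: `lintRedirectUri` and `findRedirectMatch` are hypothetical helper names, and the URLs are constructed samples.

```javascript
// Added example: hypothetical helpers, not part of Banata Auth.

// Returns a list of rule violations for one redirect URI before it is saved.
function lintRedirectUri(uri, { production = true } = {}) {
  const problems = [];
  if (uri.includes("*")) problems.push("wildcards are not supported");
  let parsed;
  try {
    parsed = new URL(uri); // throws on relative input such as "/callback"
  } catch {
    problems.push("not an absolute URL");
    return problems;
  }
  if (parsed.protocol !== "https:" && parsed.protocol !== "http:") {
    problems.push("scheme must be http or https");
  } else if (production && parsed.protocol !== "https:") {
    problems.push("production redirect URIs must use HTTPS");
  }
  return problems;
}

// Exact match: compare the raw strings, never parsed or normalized URLs,
// so a trailing-slash or case difference is reported rather than hidden.
function findRedirectMatch(requested, configured) {
  if (configured.includes(requested)) return { ok: true, nearMiss: null };
  // Diagnostic only: point at a near miss to explain a mismatch error.
  const strip = (u) => u.replace(/\/+$/, "").toLowerCase();
  const nearMiss = configured.find((c) => strip(c) === strip(requested));
  return { ok: false, nearMiss: nearMiss ?? null };
}

// Constructed sample data.
const configured = [
  "https://myapp.com/callback",
  "http://localhost:3000/callback",
];
for (const uri of [...configured, "/callback", "https://*.myapp.com/callback"]) {
  console.log(uri, lintRedirectUri(uri, { production: true }));
}
console.log(findRedirectMatch("https://myapp.com/callback/", configured));
```

The near-miss lookup is only a troubleshooting aid; the allow decision is the raw string comparison on the first line of `findRedirectMatch`.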
Security Best Practices
- No wildcard URIs. Banata Auth requires every redirect URI to be an exact match. Wildcards are not supported, which prevents redirect-hijacking attacks.
- Open-redirect prevention. Users can only be redirected to URIs you have explicitly configured. Dynamic or user-supplied redirect targets are not allowed.
- Admin-only access. Only authenticated admins can view or modify redirect settings.
- Keep your lists lean. Only add redirect URIs that are actively in use. Remove URIs for decommissioned environments promptly.
Troubleshooting
"Redirect URI mismatch" — The URL your client is requesting does not match any entry in your Redirect URIs list. Open the Redirects page in the dashboard and verify the URL is present exactly as your client sends it (including any trailing slash).
All fields show "Not configured" — Redirect settings are empty until you save at least one value. Head to the Redirects page and configure the fields your app needs.
Changes are not persisting — Confirm that you are signed in as an admin. If the issue continues, check that your backend is running and reachable.
Next Steps
- Domains — Set up custom domains for your authentication services.
- Email & Password — Learn about the authentication flow that relies on password-reset redirects.
- Social OAuth — Configure OAuth flows that use redirect URIs.
- Settings — Review other project-level configuration options.