Custom provider users can't log on to Hosted Login

Question

I’m able to log on to my social login identity provider, but, following that authentication, I’m not logged on to Hosted Login. Why not?

Answer

To see why this might be happening, start with how the social login process works. In simplified form, it goes like this:

  1. You click a login button, and get redirected to your Hosted Login login page.

  2. On the Hosted Login sign-in screen, you click the button for your custom provider.

  3. You’re redirected to the identity provider’s login page and you authenticate with the social IdP.

  4. You’re redirected back to Hosted Login, where the access token issued by the social login provider is exchanged for a set of Hosted Login tokens.

If you’re able to connect to, and authenticate with, the social login provider but you’re not being logged on to Hosted Login, the problem is usually in step 4: the redirection back to Hosted Login. When working with a custom provider (or any social login provider), you must be redirected back to a specific URL, one capable of 1) exchanging your social login token for a set of Hosted Login tokens, and 2) retrieving data from your social login provider’s user profile and copying that data to Hosted Login. If users aren’t redirected to the correct URL, they won’t get logged on to Hosted Login.

If you’re using a standard social login realm, your redirect URI must look similar to this:

     https://identitydocs.rpxnow.com/3cc14467-fd4f-437d-a0c0-0b3888dd2ee4.ab34fd29-1c4b-42e3-8be8-142ab8de8841/callback

In the preceding URI:

  • identitydocs is the name of your realm.

  • 3cc14467-fd4f-437d-a0c0-0b3888dd2ee4 is your Akamai customer ID.

  • ab34fd29-1c4b-42e3-8be8-142ab8de8841 is the ID of your custom provider. Note that there’s a dot (.) between the customer ID and the provider ID.

If you’re using a custom realm (e.g., identitydocs.akamai.com), use the full realm name in the redirect URI:

     https://identitydocs.akamai.com/3cc14467-fd4f-437d-a0c0-0b3888dd2ee4.ab34fd29-1c4b-42e3-8be8-142ab8de8841/callback

When you create an authentication client on the social login provider, make sure you use the correct redirect URI. That should solve the problem.
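
An added example, not part of the original page or Akamai's own tooling: a Python check that compares the redirect URI registered at the social login provider against the format shown above and reports which part differs. The function names and the exact, case-sensitive ID comparison are assumptions; the IDs and hosts are the sample values from this page.

```python
import re
from urllib.parse import urlsplit

# Sample values taken from the example URIs on this page.
CUSTOMER_ID = "3cc14467-fd4f-437d-a0c0-0b3888dd2ee4"
PROVIDER_ID = "ab34fd29-1c4b-42e3-8be8-142ab8de8841"

_UUID = r"[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}"
# Path layout from the page: /<customer ID>.<provider ID>/callback
_PATH = re.compile(rf"/({_UUID})\.({_UUID})/callback", re.IGNORECASE)


def expected_redirect_uri(realm_host, customer_id, provider_id):
    """Build the redirect URI in the format this page describes."""
    return f"https://{realm_host}/{customer_id}.{provider_id}/callback"


def check_redirect_uri(registered, realm_host, customer_id, provider_id):
    """Return a list of mismatches; an empty list means the URI is as expected."""
    problems = []
    parts = urlsplit(registered.strip())
    if parts.scheme != "https":
        problems.append(f"scheme is {parts.scheme!r}, expected 'https'")
    if parts.hostname != realm_host.lower():
        problems.append(f"host is {parts.hostname!r}, expected {realm_host!r}")
    if parts.query or parts.fragment:
        problems.append("unexpected query string or fragment")
    match = _PATH.fullmatch(parts.path)
    if match is None:
        problems.append("path is not /<customer ID>.<provider ID>/callback")
    else:
        # Assumption: IDs are compared exactly, including letter case.
        if match.group(1) != customer_id:
            problems.append("customer ID does not match")
        if match.group(2) != provider_id:
            problems.append("provider ID does not match")
    return problems


if __name__ == "__main__":
    host = "identitydocs.rpxnow.com"
    good = expected_redirect_uri(host, CUSTOMER_ID, PROVIDER_ID)
    # Constructed sample inputs: the correct URI and three typical mistakes.
    samples = [good, good + "/",                      # trailing slash
               good.replace(CUSTOMER_ID + ".", CUSTOMER_ID + "/"),  # "/" for "."
               good.replace("rpxnow.com", "akamai.com")]            # wrong realm host
    for uri in samples:
        print(uri, "->", check_redirect_uri(uri, host, CUSTOMER_ID, PROVIDER_ID) or "OK")
```

For a custom realm, pass the full realm name (for example identitydocs.akamai.com) as `realm_host`.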