Users don't see the "Back to App" button
Question
According to your documentation. there should be a button labeled Back to App in all our user profiles. So how come none of our users actually see this button?
Answer
Yes, in Hosted Login v2, itโs possible to add a Back to App button to a userโs user profile:
If the user clicks this button, theyโll exit their user profile page and be redirected to a page of your choosing. (Which page of your choosing? As you might expect, thatโs entirely your choice.)
This a big improvement over Hosted Login v1, which has no Back to App button: the only way for users to exit the user profile is to use their browserโs Back button or to enter a new URL in the address bar.
So, yes, the Back to App button is a much-welcomed new feature. Then why donโt your users see this button when they open their user profiles:
Why didnโt these users get a Back to App button? Most likely thatโs due to one (or both) of the following:
-
The user isnโt running under Hosted Login v2.
-
You didnโt include the redirect_uri parameter in your link for opening the user profile.
Letโs take a look at the v2 issue first. The Back to App button is only available in Hosted Login v2; if youโre using a Hosted Login v1 client their you wonโt see the Back to App button: Hosted Login v1 doesnโt support this feature. So how do you know which version of Hosted Login a user is running under? Well, the Hosted Login version youโre using is determined by the OpenID Connect login client you authenticated with (or, more correctly, by the login policy associated with that client). Want to know if a user is running Hosted Login v1 or v2? Then do this:
- Check the authentication request to determine the login client the user used when logging on
https://v1.api.us.janrain.com/00000000-0000-0000-0000-000000000000/login/authorize?
client_id=55c9604-x457-464f-bgf5-83hj229ju5rf
&redirect_uri=https://documentation.akamai.com
&scope=openid profile email
&response_type=code
&state=3bd5262737237ef4a
&code_challenge= RTg4QjMyRUJCNzdBRTQ1MkM2NTAzRTVDOEQ5OTg3QjIwMjVBNTcxQTU5RTJFNDYwMzJBQjYx
RkM4NjQ0QzdBNw
&code_challenge_method=S256
- Use the value of the client_id parameter and the /{customerId}/config/clients/{oidcClientId} endpoint to determine the login policy associated with the OIDC client:
{
"id": "55c9604-x457-464f-bgf5-83hj229ju5rf ",
"name": "Akamai Documentation Login Client",
"redirectURIs": ["https://localhost"],
"loginPolicy": "b8097975-93c7-46db-8cfe-19609e67eadb",
"tokenPolicy": "2dcae965-0d56-4961-a98e-f98583e30bb9",
"type": "public",
"\_links": {
"self": {
"href": "/01000000-0000-3000-9000-000000000000/config/clients/
55c9604-x457-464f-bgf5-83hj229ju5rf "
}
}
}
- Use the value of the loginPolicy property and the /{customerId}/config/policies/{loginPolicyId} endpoint and check the value of the policyโs loginURL property:
{
"id": "b8097975-93c7-46db-8cfe-19609e67eadb",
"identityStoreDetails": {
"type": "janrainCapture",
"connectionDetails": {
"domain": "us-dev.janraincapture.com",
"applicationId": "ces7u7uwwudrxtz933jvbehzne",
"entityType": "user",
"clientId": "6s54fhenv535ek49hkz6hjsh3jgs93ud",
"clientSecret": "ku5hd43uswtnk8aszxdvuafumlk84gd4nw"
}
},
"loginURL": "https://v1.api.us.janrain.com/e0a70b4f-1eef-4856-bcdb-f050fee66aae/auth-ui/login",
"title": "SE gstemp@akamai.com Dev Login Policy",
"\_links": {
"self": {
"href": "/config/e0a70b4f-1eef-4856-bcdb-f050fee66aae/loginPolicies/
b8097975-93c7-46db-8cfe-19609e67eadb"
}
}
}
In the preceding example, we know that the login policy isnโt configured for Hosted Login v2. How do we know that? Well, the loginURL property looks like this:
"loginURL": "https://v1.api.us.janrain.com/e0a70b4f-1eef-4856-bcdb-f050fee66aae/auth-ui/login"
Thatโs a v1 login URL. If it wasnโt, weโd see the v2 version number in the URL, sandwiched between auth-ui and login:
"loginURL": "https://v1.api.us.janrain.com/e0a70b4f-1eef-4856-bcdb-f050fee66aae/auth-ui/v2/login"
Which means that, if we want users of this particular OIDC login client to see the Back to App button, we need to do one of the following:
-
Upgrade the current login policy to Hosted Login v2.
-
Assign the client a different login policy, one that has been upgraded to v2.
Of course, itโs possible that you are using Hosted Login v2 and yet users still donโt see the Back to App button. Thatโs probably because you didnโt include the redirect_uri in the link those users employ to access their user profile. For example, suppose you as users to click the following link whenever they want to access their user profile
https://v1.api.us.janrain.com/e0a70b4f-1eef-4856-bcdb-f050fee66aae/auth-ui/profile
?client_id=64430515-01ea-4f5d-82e4-c36161af0093
Those users will not see the Back to App button. To get the button to appear, you need to add the redirect_uri parameter followed by the URL of the page you want users to be redirected to when they click the Back to App button. For example:
https://v1.api.us.janrain.com/e0a70b4f-1eef-4856-bcdb-f050fee66aae/auth-ui/profile
?client_id=64430515-01ea-4f5d-82e4-c36161af0093
&redirect_uri=https://identitydocs.akamai.com
If the user clicks this modified link, theyโll:
-
See the Back to App button in their user profile.
-
Be redirected to https://identitydocs.akamai.com if they click that button.
Problem solved.
Updated about 1 year ago