Users don't see the "Back to App" button

Question

According to your documentation. there should be a button labeled Back to App in all our user profiles. So how come none of our users actually see this button?

Answer

Yes, in Hosted Login v2, it’s possible to add a Back to App button to a user’s user profile:

If the user clicks this button, they’ll exit their user profile page and be redirected to a page of your choosing. (Which page of your choosing? As you might expect, that’s entirely your choice.)

This a big improvement over Hosted Login v1, which has no Back to App button: the only way for users to exit the user profile is to use their browser’s Back button or to enter a new URL in the address bar.

So, yes, the Back to App button is a much-welcomed new feature. Then why don’t your users see this button when they open their user profiles:

Why didn’t these users get a Back to App button? Most likely that’s due to one (or both) of the following:

  • The user isn’t running under Hosted Login v2.

  • You didn’t include the redirect_uri parameter in your link for opening the user profile.

Let’s take a look at the v2 issue first. The Back to App button is only available in Hosted Login v2; if you’re using a Hosted Login v1 client their you won’t see the Back to App button: Hosted Login v1 doesn’t support this feature. So how do you know which version of Hosted Login a user is running under? Well, the Hosted Login version you’re using is determined by the OpenID Connect login client you authenticated with (or, more correctly, by the login policy associated with that client). Want to know if a user is running Hosted Login v1 or v2? Then do this:

  1. Check the authentication request to determine the login client the user used when logging on
https://v1.api.us.janrain.com/00000000-0000-0000-0000-000000000000/login/authorize?
    client\_id=55c9604-x457-464f-bgf5-83hj229ju5rf
       &redirect\_uri=https://documentation.akamai.com
       &scope=openid profile email
       &response\_type=code
       &state=3bd5262737237ef4a
       &code\_challenge= RTg4QjMyRUJCNzdBRTQ1MkM2NTAzRTVDOEQ5OTg3QjIwMjVBNTcxQTU5RTJFNDYwMzJBQjYx
       RkM4NjQ0QzdBNw
       &code\_challenge\_method=S256
  1. Use the value of the client_id parameter and the /{customerId}/config/clients/{oidcClientId} endpoint to determine the login policy associated with the OIDC client:
{
       "id": "55c9604-x457-464f-bgf5-83hj229ju5rf ",
       "name": "Akamai Documentation Login Client",
       "redirectURIs": ["https://localhost"],
    "loginPolicy": "b8097975-93c7-46db-8cfe-19609e67eadb",
       "tokenPolicy": "2dcae965-0d56-4961-a98e-f98583e30bb9",
       "type": "public",
       "\_links": {
           "self": {
               "href": "/01000000-0000-3000-9000-000000000000/config/clients/
   55c9604-x457-464f-bgf5-83hj229ju5rf "
           }
       }
   }
  1. Use the value of the loginPolicy property and the /{customerId}/config/policies/{loginPolicyId} endpoint and check the value of the policy’s loginURL property:
{
       "id": "b8097975-93c7-46db-8cfe-19609e67eadb",
       "identityStoreDetails": {
          "type": "janrainCapture",
          "connectionDetails": {
               "domain": "us-dev.janraincapture.com",
               "applicationId": "ces7u7uwwudrxtz933jvbehzne",
               "entityType": "user",
               "clientId": "6s54fhenv535ek49hkz6hjsh3jgs93ud",
               "clientSecret": "ku5hd43uswtnk8aszxdvuafumlk84gd4nw"
           }
       },
    "loginURL": "https://v1.api.us.janrain.com/e0a70b4f-1eef-4856-bcdb-f050fee66aae/auth-ui/login",
      "title": "SE gstemp@akamai.com Dev Login Policy",
     "\_links": {
          "self": {
               "href": "/config/e0a70b4f-1eef-4856-bcdb-f050fee66aae/loginPolicies/
   b8097975-93c7-46db-8cfe-19609e67eadb"
           }
       }
    }

In the preceding example, we know that the login policy isn’t configured for Hosted Login v2. How do we know that? Well, the loginURL property looks like this:

"loginURL": "https://v1.api.us.janrain.com/e0a70b4f-1eef-4856-bcdb-f050fee66aae/auth-ui/login"

That’s a v1 login URL. If it wasn’t, we’d see the v2 version number in the URL, sandwiched between auth-ui and login:

"loginURL": "https://v1.api.us.janrain.com/e0a70b4f-1eef-4856-bcdb-f050fee66aae/auth-ui/v2/login"

Which means that, if we want users of this particular OIDC login client to see the Back to App button, we need to do one of the following:

  • Upgrade the current login policy to Hosted Login v2.

  • Assign the client a different login policy, one that has been upgraded to v2.

Of course, it’s possible that you are using Hosted Login v2 and yet users still don’t see the Back to App button. That’s probably because you didn’t include the redirect_uri in the link those users employ to access their user profile. For example, suppose you as users to click the following link whenever they want to access their user profile

https://v1.api.us.janrain.com/e0a70b4f-1eef-4856-bcdb-f050fee66aae/auth-ui/profile
     ?client\_id=64430515-01ea-4f5d-82e4-c36161af0093

Those users will not see the Back to App button. To get the button to appear, you need to add the redirect_uri parameter followed by the URL of the page you want users to be redirected to when they click the Back to App button. For example:

https://v1.api.us.janrain.com/e0a70b4f-1eef-4856-bcdb-f050fee66aae/auth-ui/profile
     ?client\_id=64430515-01ea-4f5d-82e4-c36161af0093
     &redirect\_uri=https://identitydocs.akamai.com

If the user clicks this modified link, they’ll:

  1. See the Back to App button in their user profile.

  2. Be redirected to https://identitydocs.akamai.com if they click that button.

Problem solved.


Did this page help you?