Redirect URIs
Redirect URIs are a critical part of the OAuth 2.0 and OpenID Connect flows. After a user successfully authorizes the release of their data, ID.me will redirect the user back to your application. It is critical that you do not redirect the user to arbitrary locations, because the redirect URI may contain sensitive information.
What are Redirect URIs?
OAuth 2.0 and OpenID Connect integrations require a redirect URI to be configured and passed to the authorization endpoint in order to start a transaction.
ID.me allows developers to add as many redirect URIs as they need to complete an integration; however, limiting the number of redirect URIs is recommended.
ID.me does not support wildcards or hashes within our redirect URIs, and we advise against using parameters as well.
Best Practices
One way to keep applications secure is to configure each redirect URI as a static callback URL that permits only the following parameters:
Authorization Code Flow
- code
- state
- id_token, if applicable
Implicit Flow
- token
- state
- id_token, if applicable
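The following is an added example, not ID.me's own code: a check that a redirect URI is a static callback URL (no wildcard, hash or parameters) and that an incoming callback lands on an exactly registered URI carrying only the parameters listed above. The host app.example.com, the path /oauth/callback and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

# Response parameters the page permits on the callback for each flow.
ALLOWED_PARAMS = {
    "authorization_code": {"code", "state", "id_token"},
    "implicit": {"token", "state", "id_token"},
}

# Constructed sample registration (hypothetical application).
REGISTERED = {"https://app.example.com/oauth/callback"}


def lint_redirect_uri(uri):
    """Return the reasons a URI is not a static callback URL (empty list = fine)."""
    problems = []
    parts = urlsplit(uri)
    if not parts.scheme or not parts.netloc:
        problems.append("not an absolute URI")
    if "*" in uri:
        problems.append("contains a wildcard")
    if "#" in uri:
        problems.append("contains a hash (fragment)")
    if "?" in uri:
        problems.append("contains query parameters")
    return problems


def check_callback(request_url, registered=REGISTERED, flow="authorization_code"):
    """Accept a callback only on an exactly registered URI with allowlisted parameters."""
    parts = urlsplit(request_url)
    base = f"{parts.scheme}://{parts.netloc}{parts.path}"
    if base not in registered:  # exact string match: no prefix or pattern matching
        return False, "callback URL is not a registered redirect URI"
    # Authorization code responses arrive in the query string; implicit flow
    # responses arrive in the fragment, so both are inspected.
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    pairs += parse_qsl(parts.fragment, keep_blank_values=True)
    names = [name for name, _ in pairs]
    unexpected = sorted(set(names) - ALLOWED_PARAMS[flow])
    if unexpected:
        return False, "unexpected parameters: " + ", ".join(unexpected)
    if len(names) != len(set(names)):  # extra hardening, not stated on the page
        return False, "duplicated parameter"
    return True, "ok"
```

Run lint_redirect_uri over every URI before adding it in the dashboard, and call check_callback at the top of the callback handler before the code or token is used.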
Redirect URI Configuration
You can update and maintain your redirect URIs within your developer admin dashboard. Follow the steps below:
- Log into your developer account at https://developers.id.me/session/new
- Click “View Applications”
- Select application and click “Continue”
- Click “Edit”
- Scroll down to update and maintain your Redirect URIs here
Please note: if you would like to configure an ngrok or localhost URI, contact your dedicated Solution Consultant or [email protected] for assistance.