LoginRocket URLs & Params

LoginRocket supports a number of inbound URLs. These are simply added to your LoginRocket URL (see Realm -> Integration -> LoginRocket).

Example: If your LoginRocket URL is https://your-app.e2.loginrocket.com/, then the login form URL is https://your-app.e2.loginrocket.com/login.

If using a custom domain, your LoginRocket URL will reflect that domain (and not *.loginrocket.com). If your custom domain is login.your.app, then the login form URL will be https://login.your.app/login.

/login

Shows the login form.

Parameters:

/signup

Shows the signup form.

If signups are in invitation-only mode, shows the request invitation form instead. If signups completely disabled, shows a signups are closed message. In both cases, will still allow a signup if presented with a valid invitation code.

Parameters:

/profile

Allows the user to manage their own profile.

Parameters:

/logout

Logout the current session.

Parameters:

/accounts

Shows the account selector to allow the user to switch between accounts.

Parameters:

/account/[account-id]

Allows the user to manage the current account/org.

Parameters:

Redirecting back to your app

When a user successfully performs a login or signup (or returns to your app from managing their profile or account), they are redirected back to your app.

Using the Default Login URL

The “Default Login URL” refers to a URL in your app. It is the location where LoginRocket will redirect users to, unless otherwise specified. That is, it’s the default URL in your app that LoginRocket will choose to send your users.

The Default Login URL is the first Login URL configured at Realm -> Settings -> Connected Apps -> [Your App].

Example: If the Default Login URL is https://your.app/login, then the user will be sent to https://your.app/login?token=[the-token].

If your app processes all logins at a single URL, simply ensure the Default Login URL is that URL. Common choices are /login, /manage, and similar.

Using redirect_uri

The Default Login URL may be overridden by using the ?redirect_uri=[url] query parameter.

Example: Your app sends the user to the login form at https://your-app.e2.loginrocket.com/login?redirect_uri=https://your.app/start. Upon a successful login the user will be returned to https://your.app/start?token=[the-token].

To ensure the user only gets sent back to your app (and not just anywhere), you must tell AuthRocket what URLs are valid. If redirect_uri doesn’t match any configured URLs, LoginRocket will use the Default Login URL instead.

Manage additional URLs at Realm -> Settings -> Connected Apps -> [Your App].

URLs are left-matched, so setting https://your.app/ will accept any path at your.app (because all paths begin with /).

Likewise, setting https://your.app/manage will allow /manage and /manage/elsewhere, but not /about.

The first URL is the considered default, so if you want the default to be /manage, but to allow redirects to all paths, set (in this order):

https://your.app/manage
https://your.app/

Hint If you use redirect_uri at all, then we recommend using it all the time. This is because LoginRocket remembers redirect_uri (using a cookie) until it is changed. So, not sending redirect_uri won’t revert to the Default Login URL as long as LoginRocket still remembers the previous redirect_uri.

Multiple apps & SSO

AuthRocket has built-in support for Single Sign-On (SSO) across multiple apps. At Realm -> Settings -> Connected Apps, configure multiple connected apps. Multiple URLs (if needed) can still be configured for each app.

With SSO, using redirect_uri is required.