LoginRocket URLs & Params

LoginRocket supports a number of inbound URLs. These are simply added to your LoginRocket URL (see Realm -> Integration -> LoginRocket).

Example: If your LoginRocket URL is https://your-app.e2.loginrocket.com/, then the login form URL is https://your-app.e2.loginrocket.com/login.

If using a custom domain, your LoginRocket URL will reflect that domain (and not *.loginrocket.com). If your custom domain is login.your.app, then the login form URL will be https://login.your.app/login.

/login

Shows the login form.

Parameters:

• account=[account-id] - In multi-account mode, sets the preferred account-id; set to blank to force reselect.
• prompt=login - Force re-login, even if already logged in.
• redirect_uri=[url] - Full URL of app to return to after login (see below).

/signup

Shows the signup form.

If signups are in invitation-only mode, shows the request invitation form instead. If signups completely disabled, shows a signups are closed message. In both cases, will still allow a signup if presented with a valid invitation code.

Parameters:

• invitation=[token] - Automatically accepts this invitation as part of signup process. Required if signups closed or invitation only.
• redirect_uri=[url] - See below.

/profile

Allows the user to manage their own profile.

Parameters:

• account=[account-id] - If using session, optionally indicate the currently selected account.
• redirect_uri=[url] - See below.
• session=[session-id] - When using API for logins or signups, add the session ID to avoid requiring a relogin.

/logout

Logout the current session.

Parameters:

• redirect_uri=[url] - See below. If not present, redirects to /login.

/accounts

Shows the account selector to allow the user to switch between accounts.

Parameters:

• force=1 - By default if only one account, auto-selects. This disables auto-selection and just shows the one account.
• redirect_uri=[url] - See below.
• session=[session-id] - See /profile above.

/account/[account-id]

Allows the user to manage the current account/org.

Parameters:

• redirect_uri=[url] - See below.
• session=[session-id] - See /profile above.

Redirecting back to your app

When a user successfully performs a login or signup (or returns to your app from managing their profile or account), they are redirected back to your app.

Using the Default Login URL

The “Default Login URL” refers to a URL in your app. It is the location where LoginRocket will redirect users to, unless otherwise specified. That is, it’s the default URL in your app that LoginRocket will choose to send your users.

The Default Login URL is the first Login URL configured at Realm -> Settings -> Connected Apps -> [Your App].

Example: If the Default Login URL is https://your.app/login, then the user will be sent to https://your.app/login?token=[the-token].

If your app processes all logins at a single URL, simply ensure the Default Login URL is that URL. Common choices are /login, /manage, and similar.

Using redirect_uri

The Default Login URL may be overridden by using the ?redirect_uri=[url] query parameter.

Example: Your app sends the user to the login form at https://your-app.e2.loginrocket.com/login?redirect_uri=https://your.app/start. Upon a successful login the user will be returned to https://your.app/start?token=[the-token].

To ensure the user only gets sent back to your app (and not just anywhere), you must tell AuthRocket what URLs are valid. If redirect_uri doesn’t match any configured URLs, LoginRocket will use the Default Login URL instead.

Manage additional URLs at Realm -> Settings -> Connected Apps -> [Your App].

https://your.app/manage
https://your.app/

Multiple apps & SSO

AuthRocket has built-in support for Single Sign-On (SSO) across multiple apps. At Realm -> Settings -> Connected Apps, configure multiple connected apps. Multiple URLs (if needed) can still be configured for each app.

With SSO, using redirect_uri is required.