Constructing a Sign-In Link
- Applies to:
- All MindTouch Versions
- Role required:
- Admin
Authentication URL Structure
Authentication URL's are tied to a configured identity provider service id.
The identity provider service id 1
always represents the local identity provider service, the sign-in form located at Special:UserLogin. Constructing links directly to Special:UserLogin can lead to problems when handling return URLs.
The {id}
can be inserted into the following URL structure to construct an authentication URL
https://example.com/@app/auth/{id}/login
The word default
can be used in place of {id}
to construct a URL to the default identity provider service.
https://example.com/@app/auth/default/login
An optional returnto
URL query parameter contains a URL encoded, fully qualified URL that the user is expected to be navigated to, after authentication. This value is converted into the authentication protocol's native return URL paradigm (ex: RelayState for SAML SSO). This URL must return the same hostname as the authentication endpoint, otherwise the return URL will be dropped.
https://example.com/@app/auth/{id}/login?returnto=https%3A%2F%2Fexample.com%2Ffoo%2Fbar%3Fbaz%3Dqux https://example.com/@app/auth/default/login?returnto=https%3A%2F%2Fexample.com%2Ffoo%2Fbar%3Fbaz%3Dqux
The Special:UserLogin sign in form uses special URL query parameters construct a post-authentication HTTP redirect. These query parameters, returntotitle and returnquery, are generated and handled by the Expert platform with unique, special character encoding. It is not recommended that you try to construct a URL to Special:UserLogin with query parameters. Instead, use the method described above, using identity provider service id 1
.
// Constructing an authentication URL with a return URL to https://example.com/foo/bar?baz=qux // Don't try this... https://example.com/Special:UserLogin?returntotitle=foo%2Fbar&returnquery=baz%3Dqux // Instead, construct this https://example.com/@app/auth/1/login?returnto=https%3A%2F%2Fexample.com%2Ffoo%2Fbar%3Fbaz%3Dqux
Building the Markup
Putting everything together, using DekiScript, a sign-in link with a return to the current page can be achieved with this code.
<a href=(site.homepage.uri .. '@app/auth/{id}/login?returnto=' .. uri.encode(page.uri))>"Sign in"</a>