Why can't have an api method exposed to save the redirect url ( Login Flow )

iamsatishkumarn
We all know how the login flow works, we save the re-direct url manually in the kite connect app dashboard, Can't we have an API method exposed where we can send the redirect url to be saved or Else every time our cloud provider changes the url , we have to change it manually, which often we forgot and it's frustrating.
  • tonystark
    This is a standard practice and you can find the same system in any OAuth based authentication mechanism. Fixed redirect URL lets us enforce better safety mechanisms such as avoiding malicious actors overriding the redirect URL, oversight on where the user sessions tokens are sent, whether the service has enabled proper encryption (TLS/HTTPS) etc.

    Redirect URL is part of your admin account. Kite Connect sessions are of user accounts. An API associated with a user account is not suppose to alter admin account parameters.
    every time our cloud provider changes the url , we have to change it manually
    Using ephemeral URL as redirect URL is not a good practice. Instead see if your cloud provider provides an account/project subdomain, or you can attach your own domain name, or use any dynamic DNS service to attach a free subdomain and keep the URL fixed.
Sign In or Register to comment.