Redirect URIs

Redirect URIs are a required part of any OAuth 2.0 or OpenID Connect integration. After a user completes the authorization flow, ID.me redirects them back to your application using the specified redirect_uri. This URI may include sensitive information, so it’s critical that redirection only occurs to trusted, pre-configured locations.

What you need to know

  • A redirect_uri must be configured and included in the authorization request to begin the OAuth or OIDC flow

  • You can register multiple redirect URIs per application, but keep the list as limited as possible to reduce complexity and risk

  • Wildcards (*) and URI fragments (#) are not supported

  • Avoid using query parameters in the redirect URI, as they may not be handled predictably across identity flows

Properly managing your redirect URIs helps secure your integration and ensures reliable user redirection back to your application.

Best practices

To help keep your application secure, configure your redirect URIs as static callback URLs. These should only allow the following parameters:

Authorization code flow

  • code
  • state
  • id_token (if applicable)
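
The rules under "What you need to know" and the allowed callback parameters above can both be enforced in your own code. The following is an added example, not ID.me code: the function names, the example.com URLs and the requirement that both code and state be present are assumptions, and the state check assumes your application stored the value it sent in the user's session.

```python
import hmac
from urllib.parse import urlsplit, parse_qs

# Parameters the page lists for the authorization code flow callback.
ALLOWED_CALLBACK_PARAMS = {"code", "state", "id_token"}

def lint_redirect_uri(uri):
    """Return a list of problems with a redirect URI before it is registered."""
    problems = []
    parts = urlsplit(uri)
    if not parts.scheme or not parts.netloc:
        problems.append("not an absolute URI")
    if "*" in uri:
        problems.append("wildcard (*) is not supported")
    if "#" in uri:
        problems.append("URI fragment (#) is not supported")
    if "?" in uri:
        problems.append("query parameters should be avoided")
    return problems

def parse_callback(request_url, registered_uri, expected_state):
    """Validate an incoming callback; return its parameters or raise ValueError."""
    parts = urlsplit(request_url)
    # Exact match on scheme, host and path against the static registered URI.
    if f"{parts.scheme}://{parts.netloc}{parts.path}" != registered_uri:
        raise ValueError("callback did not arrive on the registered redirect URI")
    params = parse_qs(parts.query, keep_blank_values=True)
    # Anything outside the allowed set is rejected; OAuth error responses
    # (the RFC 6749 "error" parameter) are not modelled in this sketch.
    unexpected = set(params) - ALLOWED_CALLBACK_PARAMS
    if unexpected:
        raise ValueError(f"unexpected parameters: {sorted(unexpected)}")
    if any(len(values) != 1 for values in params.values()):
        raise ValueError("duplicated parameter")
    flat = {name: values[0] for name, values in params.items()}
    if "code" not in flat or "state" not in flat:  # assumption: both required
        raise ValueError("code and state are required")
    # Constant-time comparison with the state saved when the flow started.
    if not hmac.compare_digest(flat["state"].encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    return flat

if __name__ == "__main__":
    # Constructed sample values, not real ID.me endpoints or codes.
    print(lint_redirect_uri("https://*.example.com/cb#done"))
    print(parse_callback("https://app.example.com/callback?code=abc&state=xyz",
                         "https://app.example.com/callback", "xyz"))
```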

Redirect URI configuration

You can update and manage your redirect URIs directly from the developer dashboard by following these steps:

2. Select View Applications

3. Select your application and select Continue

4. Select Edit and scroll down to update your redirect URIs

To configure a localhost or ngrok URI for development, please contact your ID.me solution consultant or email partnersupport@id.me.