Skip to main content
MindTouch Success Center

Constructing a Sign-In Link

Applies to:
All MindTouch Versions
Role required:
Admin
This article describes how to construct sign in links to different identity providers.

Authentication URL Structure

Authentication URL's are tied to a configured identity provider service id.

The identity provider service id 1 always represents the local identity provider service, the sign-in form located at Special:UserLogin. Constructing links directly to Special:UserLogin can lead to problems when handling return URLs.

The {id} can be inserted into the following URL structure to construct an authentication URL

https://example.com/@app/auth/{id}/login

The word default can be used in place of {id}to construct a URL to the default identity provider service.

https://example.com/@app/auth/default/login

An optional returnto URL query parameter contains a URL encoded, fully qualified URL that the user is expected to be navigated to, after authentication. This value is converted into the authentication protocol's native return URL paradigm (ex: RelayState for SAML SSO). This URL must return the same hostname as the authentication endpoint, otherwise the return URL will be dropped.

https://example.com/@app/auth/{id}/login?returnto=https%3A%2F%2Fexample.com%2Ffoo%2Fbar%3Fbaz%3Dqux
https://example.com/@app/auth/default/login?returnto=https%3A%2F%2Fexample.com%2Ffoo%2Fbar%3Fbaz%3Dqux

The Special:UserLogin sign in form uses special URL query parameters construct a post-authentication HTTP redirect. These query parameters, returntotitle and returnquery, are generated and handled by the MindTouch platform with unique, special character encoding. It is not recommended that you try to construct a URL to Special:UserLogin with query parameters. Instead, use the method described above, using identity provider service id 1

// Constructing an authentication URL with a return URL to https://example.com/foo/bar?baz=qux

// Don't try this...
https://example.com/Special:UserLogin?returntotitle=foo%2Fbar&returnquery=baz%3Dqux

// Instead, construct this
https://example.com/@app/auth/1/login?returnto=https%3A%2F%2Fexample.com%2Ffoo%2Fbar%3Fbaz%3Dqux

Building the Markup

Putting everything together, using DekiScript, a sign-in link with a return to the current page can be achieved with this code.

<a href=(site.homepage.uri .. '@app/auth/{id}/login?returnto=' .. uri.encode(page.uri))>"Sign in"</a>
  • Was this article helpful?