Callback handler

The callback handler is a redirect you implement in your app to allow users to sign in to the UserHub Portal and it's used when a user is linked directly to the UserHub Portal (i.e. invitations, billing statements, etc.).

For supported identity providers (e.g. Amazon Cognito, Auth0, etc.) you have the option of setting up an OpenID Connect (OIDC)-based sign in flow. For other providers, or if you need full control over invitation flows, you'll need to implement the callback handler yourself.

Before getting started, you'll need auth/sessions working in your app, a user provider set up in UserHub, and the ability to expose a public URL.

Sign in flow

UserHub Portal sign in flow
UserHub Portal sign in flow

Setup access to Admin API

Follow the Admin API getting started guide to set up the required credentials to make requests to the Admin API.

Add a callback endpoint

Add a path to your app that authenticates the user or sends them through your sign-in or sign-up flow if required.

You'll need to keep track of the full callback path and redirect the user to it after signing them in.

Here is a basic example of what this might look like:

@app.route("/userhub")
def userhub_callback():
    user_id = session.get("user_id")
    if not user_id:
        # This should sign the user-in/sign-up and redirect back to the
        # "/userhub?portalUrl=..." on success.
        return redirect(url_for("app.signin", redirect_url=request.url))

Note that the user_id above should be the identifier used by your identity provider that you track throughout your app, not a UserHub-generated user ID.

Create Portal session

Next, you need to generate a redirect URL by calling the create Portal session endpoint. The redirect URL will be supplied in the response, which you can use to send your user directly to the Portal.

Here is a more complete example:

@app.route("/userhub", methods=["GET"])
def userhub_callback():
    user_id = session.get("user_id")
    if not user_id:
        return redirect(url_for("app.signin", redirect_url=request.url))

    admin_api = AdminApi(os.environ["USERHUB_ADMIN_KEY"])

    # This is the connection ID for your user connection/provider
    # (e.g. Auth0, Custom Users, etc.).
    connection_id = os.environ["USERHUB_USER_CONNECTION_ID"]

    res = admin_api.users.create_portal_session(
        user_id=f"{user_id}@{connection_id}",
        portal_url=request.args.get("portalUrl"),
    )

    return redirect(res.redirect_url)

The user_id variable in the above should be the identifier used by the user provider (e.g. google-oauth2|1030...). The connection_id variable should be your user provider connection identifier (e.g. conn_2A4rzn...). When you use the {user_id}@{connection_id} format, UserHub will attempt to automatically import the user if it doesn't already exist in UserHub.

The portalUrl is a query parameter included in the initial UserHub Portal response that allows more granular control over the exact Portal URL you would like your user to end up. It must be included in the body of the createPortalSession request, so that the user can be redirected there after being signed in.

The response will include a redirectUrl, which will include a token that signs the user in and redirects them to the portalUrl. Your callback handler should redirect the user to this URL.

Set your callback URL

The final step is to enable the UserHub Portal and set your callback URL.

  1. Go to the Admin console and click Portal via the Developers dropdown or Tenant settings
  2. Enter your newly created Callback URL (following the examples above, if your app runs at example.com and your callback route is defined as /userhub, you would enter https://example.com/userhub)
  3. Click Save

You should now see the Portal URL link at the top of the settings page. Click it to try signing in to the Portal.

PreviousPortal
NextSend customer emails

Turn users intorevenue
$

Subscribe to monthly product updates

© 2024 UserHub

Integrations

    UserHub & Auth0UserHub & Stripe BillingUserHub & Google CloudUserHub & FirebaseUserHub & custom auth