Callback handler
The callback handler is a redirect you implement in your app to allow users to sign in to the UserHub Portal and it's used when a user is linked directly to the UserHub Portal (i.e. invitations, billing statements, etc.).
For supported identity providers (e.g. Amazon Cognito, Auth0, etc.) you have the option of setting up an OpenID Connect (OIDC)-based sign in flow. For other providers, or if you need full control over invitation flows, you'll need to implement the callback handler yourself.
Before getting started, you'll need auth/sessions working in your app, a user provider set up in UserHub, and the ability to expose a public URL.
Sign in flow
Setup access to Admin API
Follow the Admin API getting started guide to set up the required credentials to make requests to the Admin API.
Add a callback endpoint
Add a path to your app that authenticates the user or sends them through your sign-in or sign-up flow if required.
You'll need to keep track of the full callback path and redirect the user to it after signing them in.
Here is a basic example of what this might look like:
@app.route("/userhub")
def userhub_callback():
user_id = session.get("user_id")
if not user_id:
# This should sign the user-in/sign-up and redirect back to the
# "/userhub?portalUrl=..." on success.
return redirect(url_for("app.signin", redirect_url=request.url))
Note that the user_id
above should be the identifier used by your identity provider that you track throughout your app, not a UserHub-generated user ID.
Create Portal session
Next, you need to generate a redirect URL by calling the create Portal session endpoint. The redirect URL will be supplied in the response, which you can use to send your user directly to the Portal.
Here is a more complete example:
@app.route("/userhub", methods=["GET"])
def userhub_callback():
user_id = session.get("user_id")
if not user_id:
return redirect(url_for("app.signin", redirect_url=request.url))
admin_api = AdminApi(os.environ["USERHUB_ADMIN_KEY"])
# This is the connection ID for your user connection/provider
# (e.g. Auth0, Custom Users, etc.).
connection_id = os.environ["USERHUB_USER_CONNECTION_ID"]
res = admin_api.users.create_portal_session(
user_id=f"{user_id}@{connection_id}",
portal_url=request.args.get("portalUrl"),
)
return redirect(res.redirect_url)
The user_id
variable in the above should be the identifier used by the user provider (e.g. google-oauth2|1030...
). The connection_id
variable should be your user provider connection identifier (e.g. conn_2A4rzn...
). When you use the {user_id}@{connection_id}
format, UserHub will attempt to automatically import the user if it doesn't already exist in UserHub.
The portalUrl
is a query parameter included in the initial UserHub Portal response that allows more granular control over the exact Portal URL you would like your user to end up. It must be included in the body of the createPortalSession
request, so that the user can be redirected there after being signed in.
The response will include a redirectUrl
, which will include a token that signs the user in and redirects them to the portalUrl
. Your callback handler should redirect the user to this URL.
Set your callback URL
The final step is to enable the UserHub Portal and set your callback URL.
- Go to the Admin console and click Portal via the Developers dropdown or Tenant settings
- Enter your newly created Callback URL (following the examples above, if your app runs at example.com and your callback route is defined as
/userhub
, you would enterhttps://example.com/userhub
) - Click Save
You should now see the Portal URL link at the top of the settings page. Click it to try signing in to the Portal.