Igor Androsov 5

Community fails to redirect user to web app

We have a web app that uses Salesforce Communities as the IdP to register and authenticate users via OAuth 2.0.
We set up a connected app for this with the correct OAuth settings and a redirect URL for testing with http://localhost, NOT https yet. We use the connected app in the mode where all users are pre-authorized by an admin (to avoid that Authorize app popup). We set the startURL parameter to redirect the user to our web app after Community login or registration.
Login of an existing user works as expected: the user authenticates and is redirected to the app with an access token - GREAT!
Now registration of a new user DOES NOT WORK. It seems the new user is created, but the automated login for this new user always redirects the user to the Community portal Home page. Even when we set StartURL to direct to our http://localhost:8080... it is still the Community page. We tried changing the Apex controller to force the redirect; still not working. The Site.login method seems NOT to respond to startURL when the connected app is set to PRE AUTHORIZED.

On the other hand, if I switch the connected app to "Allow all users to self-authorize", then Site.login redirects to our web app via startURL.

Is this some limitation that makes use of a connected app with web apps painful? Bad UX requiring some additional steps.
Maybe this is some Community bug? Any insight will be helpful.
Thank you
rscot138

Igor,
Did you find a solution to this?

If not, can you check your connected app settings? You should be able to pre-authorize a specific profile for that connected app. Then, within your registration handler, you would assign that profile to all new users. Otherwise it's a manual process to have an Admin authorize each community user after they're created.

Thanks,
-Ryan

Igor Androsov 5
@rscot138 I did find a solution for this: you need to always construct the redirect start URL with the client ID, which is the connected app consumer key. In the self-reg flow it gets lost, but in the Login flow that parameter is there; that was why it worked. It is documented in the OAuth docs too.

grant_type: Set this to the password.
client_id: Your application's client identifier.
client_secret: Your application's client secret.
username: The API user's Salesforce.com username, of the form user@example.com.
password: The API user's Salesforce.com password. If the client's IP address has not been whitelisted in your org, you must concatenate the security token with the password.

Here is the URL format:

<Instance>/SelfReg?grant_type=password&client_id=3MVG9AJuBE3rTYDhfkbtnXXW.......