Register GIP callback URL with external IdP
Register the callback/redirect URL with the external Identity Provider (IdP) so the IdP can return the user-agent to GAS with the OAuth2 ID token.
This step is required when configuring GIP to use an external OpenID Connect IdP. The IdP must be able to redirect authenticated users back to GAS so GIP can receive and validate the OAuth2 ID token.
Register the GAS delegation service callback/redirect URL with the external IdP.
Use this exact pattern for the redirect URL:
http://host:port[/gas]/ws/r/services/GeneroIdentityProvider/oauth2callback/v1
Replace host, port, and the optional /gas with the values from your GAS deployment.
Ensure the redirect URL is entered exactly (including scheme and path); an incorrect or mismatched redirect URL will cause the IdP to reject the redirect and the authentication flow will fail.
- Use https in production deployments; some IdPs require HTTPS redirect URIs.
- If your deployment uses a load balancer, reverse proxy, or external hostname, register the public-facing host:port and path users will be redirected to (not an internal host).
- If your GAS runs behind a web server configuration (for example, Apache, Nginx) with a connector alias, include the /gas segment. If not, omit it.
The IdP will redirect the user-agent to this URL after successful authentication so GAS can obtain the ID token and complete the sign-in flow. Test the redirect after registration by initiating a login and confirming the IdP redirects successfully to the callback URL.
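A pre-registration check for the exact-match requirement above, added here as an example and not part of the Genero documentation or product code: it fills in the pattern from this page and reports which part of a registered redirect URL differs from the one the deployment uses. The function names and the sample host names and port are assumptions made for the illustration.

```python
from urllib.parse import urlsplit

# Fixed path from the redirect URL pattern on this page.
CALLBACK_PATH = "/ws/r/services/GeneroIdentityProvider/oauth2callback/v1"


def build_callback_url(host, port=None, scheme="https", connector_alias=False):
    """Fill in the pattern; connector_alias=True adds the optional /gas segment."""
    netloc = host if port is None else f"{host}:{port}"
    prefix = "/gas" if connector_alias else ""
    return f"{scheme}://{netloc}{prefix}{CALLBACK_PATH}"


def check_registration(registered, expected, production=True):
    """List the differences between the URL registered at the IdP and the URL
    the deployment uses. An empty list means the two strings are identical."""
    problems = []
    reg, exp = urlsplit(registered.strip()), urlsplit(expected)
    if production and exp.scheme != "https":
        problems.append("deployment URL does not use https")
    if registered == expected:
        return problems
    if registered != registered.strip():
        problems.append("whitespace around the registered URL")
    # Compare component by component so the report names what to correct.
    parts = ("scheme", "hostname", "port", "path", "query", "fragment")
    diffs = [
        f"{p}: registered {getattr(reg, p)!r}, deployment uses {getattr(exp, p)!r}"
        for p in parts
        if getattr(reg, p) != getattr(exp, p)
    ]
    # urlsplit lowercases the host, so a case-only difference shows up here.
    if not diffs and registered.strip() != expected:
        diffs.append("strings differ outside the compared parts (e.g. host letter case)")
    return problems + diffs


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    public = build_callback_url("apps.example.com", connector_alias=True)
    typed = "http://gas-internal:6394" + CALLBACK_PATH + "/"
    for line in check_registration(typed, public):
        print(line)
```

The comparison is deliberately strict: a default port written out, a trailing slash, or a missing /gas segment each counts as a mismatch, matching the exact-entry requirement stated above.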