Redirect URL Flow
Stay organized with collections
Save and categorize content based on your preferences.
Redirect URL Flow
As part of the authentication process, the user will ultimately be redirected to the website of their issuing bank. Once the user has provided sufficient information, they should be redirected back to Google via the integrator. The user should be redirected to the integrator first, which in turn should redirect the user back to Google.
The integrator must redirect the user to callbackUrl, which is part of the authenticate payload. The integrator must implement an HTTPS protocol using GET. The GET parameters, outlined in Redirect Url Response Parameters, will contain information about the completed authentication.
The integrator must support URL lengths of 2,048 chars. This includes the scheme, host, port, path and parameters. All parameters will be UTF-8 encoded prior to being URL-encoded.
Redirect Url Response
Here's an example of the URL to which the user will be redirected as part of the Complete Redirect flow (also known as redirect response):
https://example.google.com/return/url?authenticateRequestId=cmVxdWVzdDE=&paymentIntegratorAccountId=SpeedyPaymentsIndia_INR&redirectUrlResponse=VEhJU19JU19BTl9FTkNSWVBURURfUkVESVJFQ1RfUkVTUE9OU0VfUEFZTE9BRF9FWEFNUExFX1RIQVRfSVNfRU5DT0RFRF9XSVRIX2Jhc2U2NF9VUkwtU0FGRV9FTkNPRElORw==
The URL-Decoded value of the authenticateRequestId parameter in this example is cmVxdWVzdDE. The URL-decoded value of the paymentIntegratorAccountId parameter in this example is SpeedyPaymentsIndia_INR
The redirectUrlResponsePGP or JWE+JWS before being base64 URL-encoded.
Redirect Url Response Parameters
The HTTPS GET response must have the following query parameters:
| Fields |
|
authenticateRequestId
|
string
<br>
<p><strong>REQUIRED</strong>: The
requestId
sent in the initiating authenticate request. Google will verify this matches the sent
requestId
, and the authentication flow will fail if it doesn't match. |
|
paymentIntegratorAccountId
|
string
<br>
<p><strong>REQUIRED</strong>: This is the payment integrator account
identifier that identifies contractual constraints around this
transaction.</p>
</td>
|
|
redirectUrlResponse
|
RedirectUrlResponse
REQUIRED: The RedirectUrlResponse
should be encrypted and signed using <strong>PGP</strong> or
<strong>JWE+JWS</strong>. Further, this value should be web-safe
base64
encoded. |
All rights reserved. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2024-10-16 UTC.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2024-10-16 UTC."],[[["Users are redirected to their bank's website for authentication and then back to Google via the integrator."],["The integrator must redirect users to a specific callback URL with required parameters using an HTTPS GET request."],["Integrators need to handle URLs up to 2,048 characters long, including parameters encoded in UTF-8 and then URL-encoded."],["The `redirectUrlResponse` parameter contains encrypted and signed authentication information using PGP or JWE+JWS and is base64 URL-encoded."],["The redirect response requires `authenticateRequestId`, `paymentIntegratorAccountId`, and `redirectUrlResponse` as query parameters."]]],["The core process involves redirecting a user to their bank for authentication and then back to Google via an integrator. The integrator must redirect the user to the `callbackUrl`, using HTTPS GET with specific parameters: `authenticateRequestId`, `paymentIntegratorAccountId`, and the encrypted `redirectUrlResponse`. This response parameter is signed and encrypted with PGP or JWE+JWS before being base64 URL-encoded. The integrator must support URLs up to 2,048 characters and ensure all parameters are UTF-8 encoded. Google verifies the `requestId` to continue.\n"]]