Advanced Auth

Riposte’s hosted authentication keeps sensitive provider secrets on our side, but some deployments need to own the entire consent flow. Advanced Auth gives you that option without giving up Riposte’s account orchestration or sync tooling.

When to choose Advanced Auth

• Your network policy blocks direct access to /auth/authorize, /auth/authorize (POST), or /providers/{providerName}/callback.
• You already have an end-user consent screen and want Riposte to stay behind your firewall.
• You need to keep traffic on your own domains while Riposte handles provider tokens and long-term sync.

Flow outline

1. In the admin portal, open Advanced → Custom Auth → Advanced Auth and generate provider credentials dedicated to this flow.
2. Use those credentials to run the OAuth handshake from your application. Your product hosts both the authorization screen and the redirect URI the provider calls back.
3. After exchanging the provider code for tokens, hand the resulting credentials to Riposte through the ingestion endpoint exposed in the admin portal so we can create or update the account.
4. Keep monitoring account status via the standard Accounts and Webhooks APIs—the downstream behavior is identical to the hosted flow once tokens are registered.

Differences from hosted auth

Hosted auth	Advanced Auth
Riposte serves the consent screen on your behalf.	You own the UI and provider redirects.
You must leave /auth/authorize, /auth/authorize (POST), and /providers/{providerName}/callback reachable.	Those endpoints can stay private; only your ingestion callback needs to talk to Riposte.
Google/Microsoft redirect back to Riposte before landing on your product.	Providers redirect straight to your infrastructure, and you forward the resulting tokens to Riposte.

Need help migrating to Advanced Auth? Reach out to Riposte support and we’ll walk you through the provider-specific setup.

0 endpoints

Self-hosted authentication flows and token ingestion