
This version of GitHub Enterprise was discontinued on 2023-07-06. No patch releases will be made, even for critical security issues. For better performance, improved security, and new features, upgrade to the latest version of GitHub Enterprise. For help with the upgrade, contact GitHub Enterprise support.

About the user authorization callback URL

You can specify a URL that users will be redirected to after they authorize a GitHub App.

When you register a GitHub App, you can specify a callback URL. When you use the web application flow to generate a user access token in order to act on behalf of a user, users will be redirected to the callback URL after they authorize the GitHub App.

For security reasons, we recommend specifying multiple callback URLs and expecting an exact match when the user is redirected. If you only want to specify a single callback URL, you can use wildcards in the URL, but this is a less secure approach.

You can specify up to 10 callback URLs. If you specify multiple callback URLs, you can use the redirect_uri parameter when you prompt the user to authorize your GitHub App, to indicate which callback URL the user should be redirected to. If you do not specify redirect_uri, the first callback URL will be used. For more information about using the redirect_uri parameter, see "Generating a user access token for a GitHub App".
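The selection rules above, as an added example that is not GitHub's own code: it picks the `redirect_uri` by exact string match against the registered callback URLs, falls back to the first one when none is given, and contrasts that with a wildcard pattern. Assumptions: the callback URLs, `HOSTNAME`, the client ID and the helper names are constructed placeholders, the `/login/oauth/authorize` path and `state` parameter come from GitHub's web application flow rather than from this page, and the shell-style wildcard matcher is a generic illustration, not GitHub's matching rule.

```python
from fnmatch import fnmatchcase
from urllib.parse import urlencode

MAX_CALLBACK_URLS = 10  # limit stated on this page

# Constructed sample registration (hypothetical URLs).
REGISTERED_CALLBACKS = [
    "https://app.example.com/auth/github/callback",
    "https://staging.example.com/auth/github/callback",
]


def select_redirect_uri(requested, registered):
    """Return the callback URL to send, following the rules on this page."""
    if not registered or len(registered) > MAX_CALLBACK_URLS:
        raise ValueError("register between 1 and 10 callback URLs")
    if requested is None:
        return registered[0]  # no redirect_uri: the first callback URL is used
    if requested in registered:  # exact string match, no normalisation
        return requested
    raise ValueError("redirect_uri is not a registered callback URL")


def wildcard_allows(requested, pattern):
    """Generic shell-style wildcard match, shown only for contrast."""
    return fnmatchcase(requested, pattern)


def build_authorize_url(base, client_id, state, requested=None,
                        registered=REGISTERED_CALLBACKS):
    """Build the authorization URL with an allowlisted redirect_uri."""
    uri = select_redirect_uri(requested, registered)
    query = urlencode({"client_id": client_id, "redirect_uri": uri, "state": state})
    return f"{base}/login/oauth/authorize?{query}"


if __name__ == "__main__":
    # HOSTNAME and the client ID are placeholders for your own instance and app.
    print(build_authorize_url("https://HOSTNAME", "CLIENT_ID_PLACEHOLDER", "random-state"))
    unlisted = "https://old-demo.example.com/auth/github/callback"
    pattern = "https://*.example.com/auth/github/callback"
    print("wildcard accepts unlisted host:", wildcard_allows(unlisted, pattern))
    try:
        select_redirect_uri(unlisted, REGISTERED_CALLBACKS)
    except ValueError as exc:
        print("exact match rejects it:", exc)
```

The wildcard pattern accepts every host under the domain, including ones you never meant to receive authorization redirects, which is why the exact-match list is the stricter choice.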

The callback URL is different from the setup URL. Users are redirected to the setup URL after they install a GitHub App. Users are redirected to the callback URL when they authorize a GitHub App via the web application flow. For more information, see "About the setup URL."

For more information about generating user access tokens, see "Generating a user access token for a GitHub App". For more information about registering a GitHub App, see "Registering a GitHub App." For more information about modifying a GitHub App registration, see "Modifying a GitHub App registration."