When a user cancels a login attempt, or a purchase flow, SPiD can redirect them to specific "cancel" URL. These "cancel redirect" URLs afford the client more fine-grained flow control. If a cancel redirect URL is not provided, the default (and required) redirect URL will be used instead.
The cancel redirect URL may be provided dynamically in the initial request to SPiD using the query parameter
cancel_redirect_uri. The value of this parameter must be a valid, URL encoded, redirection url pointing back to the client. We will validate that the domain matches the registered domain for the client as well.
The cancel redirect URL may also be established in advance. When that is the case, it will always be used, regardless of the
cancel_redirect_uri parameter. This behavior is a security feature, designed to prevent phising.
When SPiD redirects the user to the cancel redirect URL, it will add a query parameter,
spid_page. The parameter contains the name of the page where the user aborted the process. Possible values are:
- choose payment
- choose product
- required fields
Do you have questions, or just want to contribute some newly gained insight? Want to share an example? Please leave a comment. SPiD reads and responds to every question. Additionally, your experience can help others using SPiD, and it can help us continuously improve our documentation.