Skip to main content

How does it work?

Overview

Auth Referrer automatically authenticates users when they arrive from trusted URLs that you configure.

Admin Role Limitation – click to expand
caution

Authentication methods based on IP, URL referrer, LTI, or SAML are designed for end-user access only.
When the identifier corresponds to an administrator account, the platform intentionally starts the session with regular user permissions to prevent privilege escalation.

Administrators who need to access the Control Panel must:

  1. Set a password to their account.
  2. Log out of the current integration-based session.
  3. Log back in using email + password to regain full administrator privileges.

How to configure it?

In the store:

  1. Go to Control Panel > Users
  2. Create a new user or select an existing one
  3. Set the URL or URLs using the option Assign URL referrers in the dropdown menu.

assign-ip

note

The referrer is the page where the user clicked the link. For example, if they click a button on https://google.com that leads to https://app.publica.la, the referrer is https://google.com.

tip

You can scope referrers down to specific paths such as https://google.com/some-path/classroom.

caution

Modern browsers (Chrome 85+) changed the default Referrer Policy, so ensure the referring site explicitly allows the policy you need.

In the third party end:

  1. Create a button or hyperlink that your users will click to access the store.
  2. Point that element to https://{store_final_domain}/auth/referrer.
<a href="https://{store_final_domain}/auth/referrer">Login User</a>
<button type="button" onclick="loginUser()">Login User</button>

<script>
function loginUser() {
    return window.location.href = 'https://{store_final_domain}/auth/referrer';
}
</script>
  1. In case you need to redirect users to a specific URL inside store such as the publication page or a specific filter you may add the intended_url parameter to your URL.
<a href="https://{store_final_domain}/auth/referrer?intended_url=https://{store_final_domain}/reader/product-name">Login User</a>
<button type="button" onclick="loginUser()">Login User</button>

<script>
function loginUser() {
    return window.location.href = 'https://{store_final_domain}/auth/referrer?intended_url=https://{store_final_domain}/reader/product-name';
}
</script>

Troubleshooting

If something is misconfigured users will be directed to the login form instead of being automatically logged in. Append ?debug=true to the referrer login URL to inspect incoming requests:

https://your-store.com/auth/referrer?debug=true

The debug screen shows the detected referrer, IP list, and headers so you can confirm that the expected origin matches the configured URL.

assign-ip

X

Graph View