Site owner checklist (sign-in)

You do not need to read code to use this page. Share it with whoever owns the app registration, domains, or customer-facing login.

Someone with authority can create or access the Intastellar app / client registration (public vs confidential is decided here).
You have a list of real redirect URLs you will use in production and staging (https:// only where required; no wild guesses).
You know whether visitors sign in in a popup, full-page redirect, or embedded pattern — that choice affects UX and testing.
Privacy policy and terms links on your site match what you tell users (sign-in often sits next to those pages).

After integration (smoke test)

Incognito / private window: start sign-in from your real domain (not only localhost if production matters).
Complete sign-in and land on the expected page; refresh once — session should still look right for your product.
Sign out (if you expose it) and confirm the user must sign in again when you expect that.
Try Safari (desktop or iPhone) if you have real traffic there — third-party cookies and storage rules differ from Chrome.

Compare redirect URIs in the console with the exact URL the browser shows after login — typos, trailing slashes, and http vs https are the usual culprits. See Redirect URIs and callbacks.
If only some environments fail, check separate app registrations or redirect lists for staging vs production.
For “works on my machine” issues, read Debugging sign-in, then Contact & support with environment, URL, and screenshots.

Last updated Apr 7, 2026