Testing the Integration Locally

To enable this, your ClientID must be explicitly authorized for local testing by the Wink Identity team.

Allowed Local URLs

Once authorized, you may use any of the following URLs in your redirect configuration:

You may also specify any other local development URL used by your environment, as long as it is added to your allowed redirect list by the Wink team.

When requesting local access, you must provide:

Frontend URL where the Wink Identity Web SDK will be loaded (e.g., your login page)
Redirect URL(s) where the user should be sent after a successful login
Cancel/Failure URL(s) where the SDK should redirect if the user cancels the flow or an error occurs

These URLs must be configured in Wink Identity’s authorization server to allow the SDK to complete the OAuth2 flow during local testing.

Component	Description
Local App Login Page	`http://localhost:3000/signin`
Return URL (Success)	`http://localhost:3000/api/auth/callback`
Cancel URL (Failure)	`http://localhost:3000/signin?error=access_denied`
Wink SDK Hosting	Hosted by Wink (no local file needed)

Make sure the above URLs are whitelisted in your Sandbox configuration before attempting to authenticate locally.

Browsers may block third-party cookies or cross-site redirects in strict privacy modes; test in a normal browser session.
Local testing should be done over HTTPS. Have a self-signed certificate properly installed.
If you make changes to your frontend callback URLs, you must inform Wink Identity so they are added to your configuration.
Local testing uses the same OAuth flow as production, including the requirement to create a Session ID before redirecting to the authorization server.