> ## Documentation Index > Fetch the complete documentation index at: https://docs.hanko.io/llms.txt > Use this file to discover all available pages before exploring further. # SAML identity provider callback > Callback endpoint called by the identity provider after successful login. ## OpenAPI ````yaml post /saml/callback openapi: 3.0.0 info: version: 1.2.0 title: Hanko Public API description: > ## Introduction This is the OpenAPI specification for the [Hanko Public API](https://github.com/teamhanko/hanko/blob/main/backend/README.md#basic-usage). ## Authentication The API uses [JSON Web Tokens](https://www.rfc-editor.org/rfc/rfc7519.html) (JWTs) for authentication. JWTs are verified using [JSON Web Keys](https://www.rfc-editor.org/rfc/rfc7517) (JWK). JWKs can be [configured](https://github.com/teamhanko/hanko/blob/main/backend/docs/Config.md#all-available-config-options) through the `secrets.keys` options. The API also publishes public cryptographic keys as a [JWK set](https://www.rfc-editor.org/rfc/rfc7517#section-2) through the `.well-known/jwks.json` endpoint to enable clients to verify token signatures. JWTs must be provided on requests to protected endpoints using one of the following schemes: ### CookieAuth **Security Scheme Type**: `API Key` **Cookie parameter name**: `hanko` The JWT must be provided in a Cookie with the name `hanko`. ### BearerTokenAuth **Security Scheme Type**: `http` **HTTP Authorization Scheme**: `Bearer` **Bearer format**: `JWT` The JWT must be provided in an HTTP Authorization header with bearer type: `Authorization: Bearer `. ## Cross-Origin Resource Sharing Cross-Origin Resource Sharing (CORS) can be currently [configured](https://github.com/teamhanko/hanko/blob/main/backend/docs/Config.md#all-available-config-options) for public endpoints via the `server.public.cors` options. --- contact: email: developers@hanko.io license: name: AGPL-3.0-or-later url: https://www.gnu.org/licenses/agpl-3.0.txt servers: - url: https://{tenant_id}.hanko.io variables: tenant_id: default: '' description: The (UU)ID of a tenant. Replace the default value with your tenant ID. security: [] externalDocs: description: More about Hanko url: https://github.com/teamhanko/hanko paths: /saml/callback: post: tags: - SAML summary: SAML identity provider callback description: >- Callback endpoint called by the identity provider after successful login. operationId: post-saml-callback requestBody: description: SAML Identity Provider Response content: application/x-www-form-urlencoded: schema: type: object properties: RelayState: type: string SAMLResponse: type: string responses: '302': description: Found headers: Set-Cookie: schema: type: string description: >- Contains the JSON Web Token (JWT) that must be provided to protected endpoints.Cookie attributes (e.g. domain) can be set via [configuration](https://github.com/teamhanko/hanko/blob/main/backend/docs/Config.md#hanko-backend-config) option `session.cookie`. X-Auth-Token: schema: type: string description: >- Present only when enabled via [configuration](https://github.com/teamhanko/hanko/blob/main/backend/docs/Config.md#hanko-backend-config) option `session.enable_auth_token_header`for purposes of cross-domain communication between client and Hanko API. '307': description: Temporary Redirect headers: Location: schema: type: string description: >- On error, redirect to the `saml.default_redirect_url` set in the backend-configuration. Error details are provided in the location URL in the form of `error` and `error_description`query params. ````