So I have a website with several pages that use GET parameters and are called like this:
/staff/00500A which IIS redirects to /staff.php?Staff=00500A
and
/project/20230567.001 which IIS redirects to /project.php?Prj=20230567.001
So I’m trying to figure out how to list callbacks with something like https://www.domain.com/staff/* (which, yes, I know, does not work).
I’ve seen questions similar to this in the forums, but never one that has been answered.
Any help would be appreciated.
Hi @canderson,
Welcome to the Auth0 Community!
Unfortunately, as you have discovered, calling a wildcard at the end of your URL will not work and can make your application vulnerable to attacks. A redirect_uri with the value of https://www.domain.com/staff/staff.php?Staff=88888A would be considered valid even if there were no staff with that value.
Some options around this would be to:
- Add each URL to the list of Allowed Callback URLs, as there is no limit on the number of callback URLs.
- Redirect to a common URL, such as the app’s home page.
Here are some helpful resources for your reference:
Please let me know if you have any questions.
Thanks,
Rueben
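A sketch of the second option that still returns the user to the page they came from: register one fixed callback URL and keep the intended path on the server, keyed by the `state` value. This is an added example, not code from the thread or from Auth0; the function names, the array standing in for `$_SESSION`, and the ID formats in the patterns (inferred from the two sample URLs in the question) are assumptions.

```php
<?php
declare(strict_types=1);

// Assumption: the only deep links worth returning to are the two routes from the question.
const RETURN_PATH_PATTERNS = [
    '#\A/staff/[0-9A-Za-z]{1,16}\z#',
    '#\A/project/[0-9]{1,12}(?:\.[0-9]{1,4})?\z#',
];
const FALLBACK_PATH = '/';

// Accept only a local path matching a known route; anything else becomes the home page.
function safe_return_path(string $candidate): string
{
    foreach (RETURN_PATH_PATTERNS as $pattern) {
        if (preg_match($pattern, $candidate) === 1) {
            return $candidate;
        }
    }
    return FALLBACK_PATH;
}

// Before sending the user to login: remember where they were, keyed by a random state value.
function begin_login(array &$session, string $requestedPath): string
{
    $state = bin2hex(random_bytes(16));
    $session['auth_state'][$state] = safe_return_path($requestedPath);
    return $state; // sent as the `state` parameter of the authorization request
}

// In the single registered callback: the state must be one we issued, and it is single-use.
function finish_login(array &$session, string $returnedState): ?string
{
    if (!isset($session['auth_state'][$returnedState])) {
        return null; // unknown or replayed state: reject the callback
    }
    $path = $session['auth_state'][$returnedState];
    unset($session['auth_state'][$returnedState]);
    return $path; // local path to redirect to after the login completes
}

// Constructed demo, with a plain array standing in for $_SESSION.
$session = [];
$state = begin_login($session, '/staff/00500A');
var_dump(finish_login($session, $state));              // first use of the state
var_dump(finish_login($session, $state));              // same state presented again
var_dump(safe_return_path('//attacker.example/staff/1')); // not a local route
var_dump(safe_return_path('/project/20230567.001'));
```

Only the one callback URL needs to appear in Allowed Callback URLs; the per-page destination never travels in `redirect_uri`, so it cannot be pointed at another host.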