Adding parameters to callback URLs

canderson · July 22, 2023, 12:17am

So I have a website with several pages that use GET parameters and are called like this:

/staff/00500A which IIS redirects to /staff.php?Staff=00500A
and
/project/20230567.001 which IIS redirects to /project.php?Prj=20230567.001

So I’m trying to figure out how to list callbacks with something like https://www.domain.com/staff/* (Which, yes, I know does not work).

I’ve seen questions similar to this in the forums, but never one that has been answered.

Any help would be appreciated.

rueben.tiow · July 24, 2023, 8:29pm

Hi @canderson,

Welcome to the Auth0 Community!

Unfortunately, as you have discovered, calling a wildcard at the end of your URL will not work and can make your application vulnerable to attacks. A redirect_uri with the value of https://www.domain.com/staff/staff.php?Staff=88888A would be considered valid even if there were no staff with that value.

Some options around this would be to:

Include each URL to the list of Allowed Callback URLs as there is no limit on the number of callback URLs.
Redirect to a common URL such as the app’s home page

Here are some helpful resources for your reference:

Please let me know if you have any questions.

Thanks,
Rueben

system · August 7, 2023, 8:30pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Alows multiple callback urls Help configuration , application	2	1250	August 29, 2023
Can we redirect a user back to a parameterized URL when login with Auth0? Help	2	5358	May 3, 2021
Add Parameter to Callback URL Help	4	4656	September 3, 2019
How to add parameter to callbacks URL (redirect_url) after login Help login-experience , new-universal-login-experience	0	774	September 24, 2023
Can I use wildcards in redirect_uri after login? Help login-experience , new-universal-login-experience	3	615	February 20, 2024

Adding parameters to callback URLs

Related topics