So I have a website with several pages that use GET parameters and are called like this:
/staff/00500A which IIS redirects to /staff.php?Staff=00500A
and
/project/20230567.001 which IIS redirects to /project.php?Prj=20230567.001
So I’m trying to figure out how to list callbacks with something like https://www.domain.com/staff/* (Which, yes, I know does not work).
I’ve seen questions similar to this in the forums, but never one that has been answered.
Any help would be appreciated.
Hi @canderson,
Welcome to the Auth0 Community!
Unfortunately, as you have discovered, calling a wildcard at the end of your URL will not work and can make your application vulnerable to attacks. A redirect_uri with the value of https://www.domain.com/staff/staff.php?Staff=88888A would be considered valid even if there were no staff with that value.
Some options around this would be to:
Here are some helpful resources for your reference:
Please let me know if you have any questions.
Thanks,
Rueben
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.