So I have a website with several pages that use GET parameters and are called like this:
/staff/00500A which IIS redirects to
/project/20230567.001 which IIS redirects to
So I’m trying to figure out how to list callbacks with something like
https://www.domain.com/staff/* (Which, yes, I know does not work).
I’ve seen questions similar to this in the forums, but never one that has been answered.
Any help would be appreciated.
Welcome to the Auth0 Community!
Unfortunately, as you have discovered, calling a wildcard at the end of your URL will not work and can make your application vulnerable to attacks. A redirect_uri with the value of https://www.domain.com/staff/staff.php?Staff=88888A would be considered valid even if there were no staff with that value.
Some options around this would be to:
- Add each URL to the list of Allowed Callback URLs, as there is no limit on the number of callback URLs.
- Redirect to a common URL such as the app’s home page.
Here are some helpful resources for your reference:
Please let me know if you have any questions.
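
Added example, not part of the original thread and not Auth0's code: it contrasts the trailing-wildcard check from the question with an exact-match check, then shows the second option above, where one fixed callback is registered and the application itself decides which local page to return the user to. The `/callback` URL, the route patterns (inferred from the `00500A` and `20230567.001` values in the question) and all function names are assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed values; only www.domain.com and the /staff/ and /project/
# path shapes come from the thread.
ALLOWED_CALLBACKS = {"https://www.domain.com/callback"}  # hypothetical fixed callback
WILDCARD_PATTERN = "https://www.domain.com/staff/*"      # pattern from the question

# Hypothetical route shapes the app is willing to return a user to.
RETURN_ROUTES = [
    re.compile(r"/staff/[0-9]{5}[A-Z]"),
    re.compile(r"/project/[0-9]{8}\.[0-9]{3}"),
]
DEFAULT_RETURN = "/"


def wildcard_match(redirect_uri, pattern=WILDCARD_PATTERN):
    """Weak check: trailing wildcard treated as a prefix comparison."""
    return redirect_uri.startswith(pattern.rstrip("*"))


def exact_match(redirect_uri, allowed=ALLOWED_CALLBACKS):
    """Strict check: the whole string must be a registered callback."""
    return redirect_uri in allowed


def safe_return_path(requested):
    """Choose the post-login destination inside the application.

    Only a local path matching a known route is accepted. Absolute URLs,
    scheme-relative //host values, query strings and unknown paths all
    fall back to the home page.
    """
    parts = urlsplit(requested)
    if parts.scheme or parts.netloc or not requested.startswith("/"):
        return DEFAULT_RETURN
    if parts.query or parts.fragment:
        return DEFAULT_RETURN
    if any(route.fullmatch(parts.path) for route in RETURN_ROUTES):
        return parts.path
    return DEFAULT_RETURN
```

The application would store the originally requested path in its own session before starting login and pass it through `safe_return_path` once the fixed callback has completed.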