Adding parameters to callback URLs

So I have a website with several pages that use GET parameters and are called like this:

/staff/00500A which IIS redirects to /staff.php?Staff=00500A
/project/20230567.001 which IIS redirects to /project.php?Prj=20230567.001

So I’m trying to figure out how to list callbacks with something like* (Which, yes, I know does not work).

I’ve seen questions similar to this in the forums, but never one that has been answered.

Any help would be appreciated.

Hi @canderson,

Welcome to the Auth0 Community!

Unfortunately, as you have discovered, calling a wildcard at the end of your URL will not work and can make your application vulnerable to attacks. A redirect_uri with the value of would be considered valid even if there were no staff with that value.

Some options around this would be to:

  1. Include each URL to the list of Allowed Callback URLs as there is no limit on the number of callback URLs.
  2. Redirect to a common URL such as the app’s home page

Here are some helpful resources for your reference:

Please let me know if you have any questions.


This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.