Allowed callback url per domain

Is there a way to authorize the “Allowed callback url” per domain instead of per URL? Something like* ?

Because for example right now, when a user login on my application, the URL is But they are many different mediaId possible, and i can’t enter manually all the media url in the allowed callback fields.

Hi @geoffrey.signorato,

I believe this answer should help you: Allowed Callback URLs ending with a wildcard - #2 by prashantT

You can use wildcards for subdomains, but not routes. As suggested in the solution, you can set up a single callback URL to cover all routes.

Thank you, very useful!
Ideally i would not need a redirect at all. I’am using the auth0 lock library to show a modal on my page: Once the user is logged, I can get the token via the on authenticated method.
But right now, even though I set up redirect at false, i’am getting a 403 in the auth0 log saying this url is not in the allowed callback of the app, even though there is no redirect, does it make sense?

Yes, that makes sense!

It sounds like you might be running into a cross-origin authentication issue. You may need to configure a cross-origin verification page as described here (if you haven’t already):

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.