Auth0 Home Blog Docs

Allowed Callback URLs ending with a wildcard

callback-urls
wildcard
allow

#1

Looks like a value from Allowed Callback URLs is ignored

http://localhost/*

Is there a way to allow users to log in from any location from my site e.g.
instead of listing all of the possible pages (twice: prod and dev urls)?

Thank you


#2

As mentioned in the Client settings page:

You can use the star symbol as a
wildcard for subdomains
(’*.google.com’). Make sure to specify
the protocol, http:// or https://,
otherwise the callback may fail in
some cases.

Wildcards are only allowed for the subdomain - the suggested way to handle multiple routes is to use a single callback route (e.g. /callback), end redirect to the desired route from within your application:

  1. Store the following in localStorage: randomStateValue: ‘/profile’.
  2. Pass randomStateValue as the state
    parameter in the authentication
    request.
  3. Check the state value in
    the callback, and retrieve the value
    for randomStateValue from
    localStorage.
  4. Perform the redirect
    from within your application.

#3