Auth0 Home Blog Docs

Allowed Callback URLs ending with a wildcard



Looks like a value from Allowed Callback URLs is ignored


Is there a way to allow users to log in from any location from my site e.g.
instead of listing all of the possible pages (twice: prod and dev urls)?

Thank you


As mentioned in the Client settings page:

You can use the star symbol as a
wildcard for subdomains
(’*’). Make sure to specify
the protocol, http:// or https://,
otherwise the callback may fail in
some cases.

Wildcards are only allowed for the subdomain - the suggested way to handle multiple routes is to use a single callback route (e.g. /callback), end redirect to the desired route from within your application:

  1. Store the following in localStorage: randomStateValue: ‘/profile’.
  2. Pass randomStateValue as the state
    parameter in the authentication
  3. Check the state value in
    the callback, and retrieve the value
    for randomStateValue from
  4. Perform the redirect
    from within your application.