Allowed Callback URLs ending with a wildcard

Looks like a value from Allowed Callback URLs is ignored

http://localhost/*

Is there a way to allow users to log in from any location from my site e.g.
instead of listing all of the possible pages (twice: prod and dev urls)?

Thank you

1 Like

As mentioned in the Client settings page:

You can use the star symbol as a
wildcard for subdomains
(‘*.google.com’). Make sure to specify
the protocol, http:// or https://,
otherwise the callback may fail in
some cases.

Wildcards are only allowed for the subdomain - the suggested way to handle multiple routes is to use a single callback route (e.g. /callback), end redirect to the desired route from within your application:

  1. Store the following in localStorage: randomStateValue: ‘/profile’.
  2. Pass randomStateValue as the state
    parameter in the authentication
    request.
  3. Check the state value in
    the callback, and retrieve the value
    for randomStateValue from
    localStorage.
  4. Perform the redirect
    from within your application.
6 Likes