Allowed Callback URLs validation is incorrect

Feature: Custom schemes should be valid as Callback URLs.

Description: The URL validation does not allow all characters which are permitted in a custom scheme, it appears to only accept alphanumeric characters.

Use-case: Mobile apps often use custom schemes, and it is essential that an OAuth redirect be able to return to a mobile app to complete sign-in. Custom schemes containing “+”, “-”, or “.” are valid, and should not be prevented from being entered in the Allowed Callback URLs field for an Auth0 app.

Hey there!

Thanks for creating this feedback card! Make sure to upvote it so that it gets as much attention from other community users as possible. We review those feedback cards on a monthly basis and will let you know once we have any updates on that front. Thank you!

That’s fine, I guess, but this is clearly a bug.