Allowed origins limitations

Hey there,

We have been using auth0 for a while on our app domain (
We are offering a multi-tenant environment for every tenant (
Tenants can also set up a custom domain tenant environment, this is done in the app (

  • How can we handle logins/signups from the Apideck domains (I saw that wildcard characters are prohibited in allowed origins)?
  • Is there a limit on the number of allowed origins (size, count of URI)?

Michiel De Wilde.

Hi @michiel,

There a couple ways to address this use-case.

  • You can add allowed origins programmatically via the management API.

  • Another solution I have seen proposed:
    – “Before you call the authorize endpoint, first save a state ID referencing the vanity URL, and send it in the call to /authorize. When the transaction completes and redirects the user to your callback URL, load the state, save the user information you need on the frontend’s local or session storage, and redirect them to the vanity URL.”

Not at this time. It is possible that a limit will be added at some point and we want customers to be aware of that possibility. We encourage users to be as efficient as possible with allowed origins.

I hope this helps answer your question.


This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.