Are port wildcards supported? (PKCE for Desktop apps)


I came across this post: Loopback Interface Redirection Help.

I am in exactly the same situation as the poster, so I will not explain it in detail as I’d be just repeating the same. But to keep it short, I’d like to implement login in my desktop app following the current best practices as described in RFC 8252 “OAuth 2.0 for Native Apps”. However that absolutely requires that the port can be specified at the time of the request, as the port can be different each time based on which are available in the client machine.

In the post linked above, you said a feature request was created for the support of “wildcards” for ports in the configured callback URLs. Apparently it’s not supported yet, though (or at least it’s not documented).

Is this something you plan to implement? Can I somehow follow the status of that request?


1 Like

Welcome to the Auth0 Community @ab11! :tada:

We do support wildcards in callback URLS. See: Auth0 Configuration (Web Apps + SSO)

Please let me know if you have any more questions!

1 Like

Hi Lily,

Thanks for taking the time to answer! According to my own testing, the star symbol does work as a wildcard for subdomains, so that a single entry in the “Allowed Callback URLs” will allow multiple subdomain.

It does not work, however, as a wildcard for the port, which is what this situation would require. If I attempt to save an entry with a “wildcard port”, such as “*/my-page” the dashboard will not even allow me to save it as it’s not a valid URI.

Could you confirm this?


There’s no way to allow for any wildcard port on the callback URLs, the port has to be explicitly configured.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.