Hi @sinko,
Welcome to the Community!
For Allowed Callback URLs, you cannot use something like a wildcard (e.g. http://localhost:4200/*), but instead the URL must be an exact match, including the relative path.
The suggested implementation is to pass a `state` param when requesting authentication and then refer to that in the /callback page to perform the redirect:

- Store the following in localStorage: `randomStateValue`: the URL pathname.
- Pass `randomStateValue` as the `state` parameter in the authentication request.
- Check the state value in the callback, and retrieve the value for `randomStateValue` from localStorage.
- Perform the redirect from within your application.

Documentation: Prevent Attacks and Redirect Users with OAuth 2.0 State Parameters
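
The four steps above as a runnable sketch; this is an added example, not part of the original reply or of any Auth0 SDK. The function names, the `memoryStorage` stand-in for `window.localStorage`, and the `tenant.example` authorize URL are assumptions, and the same-origin check on the stored path is an extra safeguard beyond what the reply describes.

```javascript
// Added example. In a browser pass window.localStorage as `storage`.
const rng = globalThis.crypto ?? require('node:crypto').webcrypto;

// Constructed stand-in for localStorage so the example runs offline.
function memoryStorage() {
  const m = new Map();
  return {
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => { m.set(k, String(v)); },
    removeItem: (k) => { m.delete(k); },
  };
}

// 128 bits of randomness, hex-encoded: unguessable and URL-safe.
function newState() {
  const bytes = rng.getRandomValues(new Uint8Array(16));
  return Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
}

// Steps 1-2: store randomStateValue -> pathname, send only the random value.
// redirect_uri stays the single exact-match callback URL.
function buildAuthRequest(storage, authorizeUrl, params, returnPath) {
  const state = newState();
  storage.setItem(state, returnPath);
  const url = new URL(authorizeUrl);
  for (const [k, v] of Object.entries(params)) url.searchParams.set(k, v);
  url.searchParams.set('state', state);
  return url.toString();
}

// Steps 3-4: on /callback, look the state up, consume it, return the path
// the application should navigate to.
function resolveReturnPath(storage, callbackUrl, fallback = '/') {
  const state = new URL(callbackUrl).searchParams.get('state');
  if (!state) throw new Error('callback has no state parameter');
  const path = storage.getItem(state);
  if (path === null) throw new Error('state not issued by this browser');
  storage.removeItem(state); // single use: a replayed callback is rejected
  // Accept only same-origin relative paths ("/x", not "//host" or "/\host").
  const safe = /^\/(?!\/)/.test(path) && !path.includes('\\');
  return safe ? path : fallback;
}
```

A callback whose `state` has no matching entry in storage was not started by this browser session and should be treated as a failed login rather than redirected.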