Configure callback urls with wildcard

I am configuring Auth0 login for our development environments, and I would like to use a wildcard in “Allowed Callback URLs”, “Allowed Logout URLs”, “Allowed Web Origins”, and “Allowed Origins (CORS)”.

The url structure is http://api.$ and http://app.$ where “$user” is the username of the developer e.g. and

I would like to set the allowed urls so they work for all users, but I’ve tried all possible combinations and none of them work:

  1. http://api.*
  2. http://*
  3. http://*.*
  4. *

Does anyone have other ideas about how to do this?

Thank you,

The requirements for wildcards in subdomains are pretty strict. Of the examples you provided, only the second one will work, and it will only match a single subdomain. There’s nothing built in to the service that supports this. I can imagine an app with sufficient permissions dynamically updating the allowed URLs but you’d have to build that yourself.

Thanks for the response. Dynamically updating sounds a little brittle and too much effort. I’ll instruct devs to use a consistent url and update their /etc/host instead.