Configure callback urls with wildcard

bryan1 · June 11, 2020, 10:07pm

I am configuring Auth0 login for our development environments, and I would like to use a wildcard in “Allowed Callback URLs”, “Allowed Logout URLs”, “Allowed Web Origins”, and “Allowed Origins (CORS)”.

The url structure is http://api.$user.dev.com and http://app.$user.dev.com where “$user” is the username of the developer e.g. http://api.bryan.dev.com and http://app.bryan.dev.com.

I would like to set the allowed urls so they work for all users, but I’ve tried all possible combinations and none of them work:

http://api.*.dev.com
http://*.dev.com
http://*.*.dev.com
*.dev.com

Does anyone have other ideas about how to do this?

Thank you,
Bryan

markd · June 12, 2020, 11:32am

The requirements for wildcards in subdomains are pretty strict. Of the examples you provided, only the second one will work, and it will only match a single subdomain. There’s nothing built in to the service that supports this. I can imagine an app with sufficient permissions dynamically updating the allowed URLs but you’d have to build that yourself.

bryan1 · June 12, 2020, 5:15pm

Thanks for the response. Dynamically updating sounds a little brittle and too much effort. I’ll instruct devs to use a consistent url and update their /etc/host instead.