Dynamic Callback URLs with Wildcards

lihua.zhang · September 14, 2022, 6:54pm

Last Updated: Nov 25, 2024

Overview

This article clarifies whether Auth0 can handle dynamic callback URLs by dynamically changing the URL path. For instance:

https://<app_domain>.com/<something dynamic>

Applies To

Callback URLs
Wildcards

Solution

This is not supported, as wildcards are only allowed for subdomains. Wildcard placeholders in subdomains should not be used in production applications. Auth0 recommends URLs with the {organization_name} placeholder where relevant. See Subdomain URL Placeholders for additional details.

A workaround for this is to have a specific callback URL and then have your app redirect users to other endpoints, as explained in Allowed Callback URLs ending with a wildcard.

Topic		Replies	Views
Configure callback urls with wildcard Help	2	5019	June 12, 2020
Wildcard for callback urls Help callback	11	12493	December 21, 2022
Alows multiple callback urls Help configuration , application	2	1273	August 29, 2023
What are the security challenges why Auth0 does not allow wildcard at the end of the domain. For eg. example.com/* is not supported for allowed callback urls Help configuration , application	2	32	September 9, 2024
We would like to add wildcard URL for "callbacks" and "allowed_logout_urls" Help auth0	2	2839	May 25, 2022

Dynamic Callback URLs with Wildcards

Overview

Applies To

Solution

Related topics