Dynamic Callback URLs with Wildcards

lihua.zhang · September 14, 2022, 6:54pm

Problem Statement

Can Auth0 handle dynamic callback URLs by dynamically changing the URL path? For instance:

https://<app_domain>.com/<something dynamic>

Solution

This is not supported as wildcards are only allowed for subdomains. Wildcard placeholders in subdomains should not be used in production applications. Auth0 recommends URLs with the {organization_name} placeholder where relevant. See Subdomain URL Placeholders for additional details.

A workaround for this is to have a specific callback URL and then have your app redirect users to other endpoints as explained in Allowed Callback URLs ending with a wildcard.

Topic		Replies	Views
Configure callback urls with wildcard Help	2	5001	June 12, 2020
Wildcard for callback urls Help callback	11	12241	December 21, 2022
Alows multiple callback urls Help configuration , application	2	1250	August 29, 2023
What are the security challenges why Auth0 does not allow wildcard at the end of the domain. For eg. example.com/* is not supported for allowed callback urls Help configuration , application	2	26	September 9, 2024
We would like to add wildcard URL for "callbacks" and "allowed_logout_urls" Help auth0	2	2827	May 25, 2022

Dynamic Callback URLs with Wildcards

Problem Statement

Solution

Related Topics