Dynamic Callback URLs with Wildcards

lihua.zhang · September 14, 2022, 6:54pm

Last Updated: Nov 25, 2024

Overview

This article clarifies whether Auth0 can handle dynamic callback URLs by dynamically changing the URL path. For instance:

https://<app_domain>.com/<something dynamic>

Applies To

Callback URLs
Wildcards

Solution

This is not supported, as wildcards are only allowed for subdomains. Wildcard placeholders in subdomains should not be used in production applications. Auth0 recommends URLs with the {organization_name} placeholder where relevant. See Subdomain URL Placeholders for additional details.

A workaround for this is to have a specific callback URL and then have your app redirect users to other endpoints, as explained in Allowed Callback URLs ending with a wildcard.

Topic		Replies	Views
Configure callback urls with wildcard Get Help	2	5144	June 12, 2020
Wildcard for callback urls Get Help callback	11	14243	December 21, 2022
Alows multiple callback urls Get Help configuration , application	2	1389	August 29, 2023
What are the security challenges why Auth0 does not allow wildcard at the end of the domain. For eg. example.com/* is not supported for allowed callback urls Get Help configuration , application	2	68	September 9, 2024
We would like to add wildcard URL for "callbacks" and "allowed_logout_urls" Get Help auth0	2	2889	May 25, 2022

Dynamic Callback URLs with Wildcards

Overview

Applies To

Solution

Related topics