The other client fields “Allowed Callback URLs”, “Allowed Logout URLs”, and “Allowed Origins (CORS)” all support wildcards…
I want/need wildcard support because I am in the process of moving my Google App Engine application to Auth0’s Hosted Login Page solution and taking advantage of checkSession() in auth0.js to reduce the amout of times the login page is displayed. Everything works great so far.
Google App Engine lets me run multiple versions of my application, with the “default” version being available at my domain address, and other versions are available using appspot.com urls that contain the version (ie. https://1-2-dot-myappid.appspot.com) Since i am constantly adding/testing new versions of my app, i don’t want to have to add each version-specific url to my Auth0 client… for the other client fields, i can add https://*myappid.appspot.com but I cannot do this for “Allowed Web Origins”.