I have n number of development environments that are hosting an app which needs to communicate with one of my Auth0 clients. These environments are constantly spinning up and down, and each is assigned it’s own subdomain.
Is there any way via the Auth0 UI (or API) to “open up” my Auth0 client to allow any callback URL? Manually managing the Allowed Callback URLs is becoming a nightmare…
No, the validation that the provided redirect URL is among the set of white-listed URL’s is a major part of all the flows associated with the underlying authentication/authorization protocol being used and as such cannot be avoided as that would likely result in security issues.
You can control the list of allowed callback URL’s through the Auth0 Management API so if you want to avoid the manual configuration the recommendation would be to automate that setup step and add the necessary callback URL programmatically.