We are implementing auth0 in our project and it is working real nice but the problem we are facing is with list of callback URLs. We have a flow where we first it in a demo and each demo has a different id and we have to add each demo in callback and logout URLs.
Is there any way where we can use wildcard instead of giving list of callbacks?
Any help on this would be really helpful
This article explains using the wildcard for callback URLs. Hope this helps!
Thank you so much for replying to me :). I actually tried like this for example
but this is not working when I am calling my API which redirects to auth0 it is saying that callback URL is not matching.
Thank you for the additional details.
Could you please confirm if the “Allowed Callback URLs” field of the application has the url like
what would be the mysubdomain here?
my bad, I misread your link.
The article I provided earlier mentions a few rules like this one.
must be located in a subdomain within the hostname component.
https://*.com will not work.
Therefore, your example will not work.
oh ok so there is no way to use wildcard in my case?
That’s correct. In the current design, we only support wildcard located in subdomain.
Please communicate your use case directly to our product team using our
feedback page and click on the Vote button. Thank you!
I am developing react-native application.
I am using auth0 library and I succeeded to define social connection to Facebook and google but fail to define apple sign in.
Can you help me ?
This seems to be a new topic. Could you please create a new one? Thanks!
This previous post may help for this scenario - it discusses setting up a dynamic callback url by creating a single page and using the ‘state’ parameter to store the desired redirect URL
Question: How do I set up a dynamic Allowed Callback URL?
If your application has several protected routes that follow a pattern (e.g., https://example.com/users/:user_id), you may want to set up the application’s Allowed Callback URLs in a dynamic way that won’t require hard-coding a long list of URLs.
You can use a wildcard in the subdomain (as long as it follows the guidelines outlined in the documentation). However, to follow OAuth 2.0 Security Best Current Practice, y…