Auth0 Home Blog Docs

Wildcard Url's not matching in callback



we are currently using a local server setup which is failing to login because it isn’t matching the wildcard callback url’s

is this an issue with the string being sent to auth0 or is it an error message that could be masking another issue?


The note available below the Allowed Callback URLs field in the client application configuration mentions that:

You can use the star symbol as a wildcard for subdomains (’*’).

This seems to indicate that an URL such as http://*.server.local would be a supported case for the use of the wildcard which would then allow to use either http://a.server.local or http://b.server.local. However, http://*.server does not seem a valid usage of the wildcard so it would not whitelist everything under .server.


To clarify the usage of this, our internal network has a top level domain of company.local so a full URL would be To save everyone the bother of typing company.local after every internal URL, our DNS redirects requests to server to

So when somebody accesses http://app.server, we want a callback URL of http://app.server/callback, but with wildcards only supporting subdomains, we are unable to add http://*.server/callback to the list of allowed callback URLs.