we are currently using a local server setup which is failing to login because it isn’t matching the wildcard callback url’s
is this an issue with the string being sent to auth0 or is it an error message that could be masking another issue?
The note available below the Allowed Callback URLs field in the client application configuration mentions that:
You can use the star symbol as a wildcard for subdomains (‘*.google.com’).
This seems to indicate that an URL such as http://*.server.local
would be a supported case for the use of the wildcard which would then allow to use either http://a.server.local
or http://b.server.local
. However, http://*.server
does not seem a valid usage of the wildcard so it would not whitelist everything under .server
.
To clarify the usage of this, our internal network has a top level domain of company.local
so a full URL would be http://app.server.company.local
. To save everyone the bother of typing company.local
after every internal URL, our DNS redirects requests to server
to server.company.local
.
So when somebody accesses http://app.server
, we want a callback URL of http://app.server/callback
, but with wildcards only supporting subdomains, we are unable to add http://*.server/callback
to the list of allowed callback URLs.