The guide here mentions that * based subdomain wildcards should be acceptable, however when implementing we receive errors for misaligned callbacks on login, and errors for the returnTo for logout. Adding the subdomain without wildcard however works fine in callbacks and logouts e.g. https://foo.localhost:8080 works, changing to https://*.localhost:8080 does not.
Is this a bug or an issue with our implementation?
Welcome to the Community. I suspect the localhost is treated like a top-level domain (.com, .ca, etc.) and https://*.localhost:8080 therefore violates the second rule for wildcards:
The wildcard must be located in a subdomain within the hostname component. https://*.com will not work.
You might be able to confirm this if you try something like https://*.foo.localhost:8080.