Loopback Interface Redirection -- Ephemeral Ports -- Wildcard Ports in localhost Redirect URI

Is there any plan to add the ability to provide support for wildcard ports for redirect URIs to dynamic/ephemeral localhost ports per RFC 8252?

Loopback Interface Redirection – Ephemeral Ports https://datatracker.ietf.org/doc/html/rfc8252#section-7.3

"The authorization server MUST allow any port to be specified at the time of the request for loopback IP redirect URIs, to accommodate clients that obtain an available ephemeral port from the operating system at the time of the request."

I have found many different support forum posts spanning multiple years where this is requested as per the RFC 8252. The answers have been that it is not supported… with no justification or indication of future roadmap functionality. One post suggested asking here in this developers forum but I found no topics via search. Apologies if this post is redundant or answered previously.

I’m new to Okta but I’m working on a product that uses ephemeral ports on localhost for a desktop client. Azure AD, Ping, Keycloak, and others support the ability to provide a wildcard port. For most, no wildcard is required… when the required Redirect URI (http://localhost/openid-callback) is defined, other IDPs automatically allow for dynamic ports on localhost.

Can anyone provide insight into when this will be supported? If it won’t, why not?

Are there any workarounds available? Is there any way to bulk add the full range of ephemeral ports to the configuration?

Lack of support for localhost ephemeral ports in redirect URIs is resulting in all other IDPs being natively compatible with the product except for Okta.

Any advice would be much appreciated! Thanks!
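For readers who want to see what the RFC 8252 section 7.3 rule looks like on the authorization-server side, here is an added example (constructed for this thread, not Okta's code or any other vendor's) of redirect URI validation that keeps exact matching for every registered URI but ignores the port for loopback http URIs. The `LOOPBACK_HOSTS` set and the function names are assumptions; `localhost` is included only because that is the form registered in the post above.

```python
"""Redirect URI validation following RFC 8252 section 7.3.

Constructed example for an authorization server: a registered redirect URI
must match exactly, except that a loopback http URI accepts any port, so a
native client can bind an ephemeral port at request time. No wildcard port
entry is needed in the client's registration.
"""
from urllib.parse import urlsplit

# Hosts treated as loopback. RFC 8252 names the IP literals; "localhost" is
# included here only because this thread registers that form (assumption).
LOOPBACK_HOSTS = {"127.0.0.1", "::1", "localhost"}


def is_loopback_redirect(uri: str) -> bool:
    """True for http://127.0.0.1:{port}/{path}, http://[::1]:{port}/{path}, ..."""
    parts = urlsplit(uri)
    # urlsplit().hostname strips the IPv6 brackets and lowercases the name.
    return parts.scheme == "http" and (parts.hostname or "") in LOOPBACK_HOSTS


def redirect_uri_allowed(requested: str, registered: list[str]) -> bool:
    """Decide whether `requested` may receive the authorization response."""
    req = urlsplit(requested)
    if req.fragment:                      # RFC 6749 forbids fragments here
        return False
    for reg in registered:
        if requested == reg:              # exact string match: the general rule
            return True
        if is_loopback_redirect(reg) and is_loopback_redirect(requested):
            r = urlsplit(reg)
            # Only the port is relaxed. Scheme, host, path and query must still
            # agree, so the relaxation cannot be turned into an open redirect.
            if (req.hostname == r.hostname and req.path == r.path
                    and req.query == r.query):
                return True
    return False
```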

At this time, Okta does not support this RFC. If you haven’t already, I’d recommend filing an Okta Idea to let our Product team know you’re interested in this enhancement.
