Hello,
We’re creating an Okta application and the number of redirect URIs are in the hundreds due to different locales and environments. Is there any way to whitelist a wildcard version of these?
@kapple Hi, wildcards in the hostname can be problematic. For security consideration, you’d better to use the full URI, as it is outlined in the OAuth 2.0 Threat Model :
An authorization server should require all clients to register their
“redirect_uri”, and the “redirect_uri” should be the full URI as
defined in [RFC6749].
This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.