I am switching over a single-page JavaScript app to use Okta for authentication with sign-in redirection, with the quirk that in addition to the normal domain name for the app, I deploy test builds to dynamically generated subdomains underneath the app domain.
To illustrate what I mean:
The main app domain is: https://myapp.mydomain.com/. That we can set up the Okta integration for easily.
But the test build app domains are: https://<name-of-test-build>.test-builds.myapp.mydomain.com, where the <name-of-test-build> is dynamic and unique for each new test build. This allows us to get multiple test builds online in parallel.
Ideally, in order to authenticate our test build apps, we could add an Okta app integration which uses a wildcard login redirect URI, e.g.: https://*.test-builds.myapp.mydomain.com. However, I am confused as to whether this is possible, since I found the following somewhat conflicting information:
The former help article confirms what I found out by actually trying to enter a wildcard domain in the GUI using * - it doesn’t work. The latter release notes seem to indicate that this is possible if I have early access and if I use the App API rather than the Okta admin dashboard to set it up. However, it is unclear if the wildcard will only match a single character, or if the wildcard can match multiple characters, for example the entire subdomain name.
To boil down my question:
- Will the wildcarded domains entered through the App API with early access be the right thing for my use case?
- Is there any other way that is recommended to handle this sort of situation?
Here is a post about the same issue from before wildcard redirect domains were added to the App API.
That thread is ancient now though, and no satisfying answers came out of it.