FusionAuth
    • Home
    • Categories
    • Recent
    • Popular
    • Pricing
    • Contact us
    • Docs
    • Login

    Restrictions on redirect URIs?

    Scheduled Pinned Locked Moved
    Q&A
    limits oauth redirect-uri
    2
    4
    1.8k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • danD
      dan
      last edited by dan

      What are the exact restrictions we have regarding redirect_uris?

      For instance, can we have subdomains? or go to a specific page (https://example.com/login/otherpage.html)?

      --
      FusionAuth - Auth for devs, built by devs.
      https://fusionauth.io

      1 Reply Last reply Reply Quote 0
      • danD
        dan
        last edited by

        As long as it is a valid URI, it is allowed.

        --
        FusionAuth - Auth for devs, built by devs.
        https://fusionauth.io

        D 1 Reply Last reply Reply Quote 0
        • D
          davidmw @dan
          last edited by

          @dan Any support for wildcards? We've got a query parameter (subscription key) needed by our backend and it would be great to not touch all the redirects for this

          danD 1 Reply Last reply Reply Quote 0
          • danD
            dan @davidmw
            last edited by

            Support for wildcards in redirect URIs just landed in 1.43.

            We don't recommend using these because they are against the OAuth specification (you could look at using the state parameter instead).

            But we listened to the community feedback on this issue: https://github.com/FusionAuth/fusionauth-issues/issues/437 and implemented it.

            It is still being documented, but you can read about it here: https://fusionauth.io/blog/2023/02/16/announcing-fusionauth-1-43#support-for-wildcards-in-redirect-urls

            Hope that helps, @davidmw !

            --
            FusionAuth - Auth for devs, built by devs.
            https://fusionauth.io

            1 Reply Last reply Reply Quote 0
            • First post
              Last post