Support multiple redirect urls per oauth app

New post

Comments

2 comments

  • jcleblanc

    Hi there,

    The ability to add multiple redirects to an OAuth 2 application is being reviewed for potential inclusion into the application creation process, but at the current time there isn't a timeline on when / if that will be added. 

    With that said, here are the two main options that I would suggest: 

    1. Using the state parameter: When you redirect a user as part of the login flow, there is a state parameter that may be set to pass information through the login / authorization flow (listed in the query params here). If you want to use a single application what you could potentially do is have all of your application types (dev / QA / prod) all use the same redirect URI but pass a state parameter through to indicate which environment should be used. You can then route to the proper application logic at that point. This is assuming that your environments are set up in a way to support this.
    2. Using separate applications: The other option would be to separate out each environment into its own OAuth 2 application. Personally this is the way I would go as it maintains a good separation of concerns, and ensures that your keys / client ID / client secret for your production application is the most secure as they're not embedded within dev / QA apps as well. 

    I know it's not ideal at the current time, but we'll continue working on improving the process to make the app management process easier. 

    - Jon

    0
    Comment actions Permalink
  • Juanjo Ar

    Yes, please add multiple redirect url support. It is almost impossible to migrate in a smooth way to a new redirect url for an application that is installed on thousands of devices.

    0
    Comment actions Permalink

Please sign in to leave a comment.