bug: Wildcard redirect URIs (/**) no longer supportedΒ #8502
Description
Describe the bug
Previously, wildcard redirect URIs using the /** pattern were supported in Logto applications. This allowed a single base URL to handle multiple dynamic redirect paths.
Currently, this behavior no longer works. Redirect URIs must now be specified explicitly, and wildcard patterns such as /** are not being recognized.
Environment Logto version: v1.37.1
Expected behavior
Wildcard redirect URIs (e.g. /**) should allow dynamic paths under the same domain, as they did previously.
How to reproduce?
Steps to reproduce:
- Create or update an application in Logto
- Add a redirect URI using a wildcard pattern, e.g.: https://example.com/**
- Attempt to authenticate using a redirect URI such as: https://example.com/some/path
- Observe that the redirect is rejected:
{
"code": "oidc.invalid_redirect_uri",
"message": "redirect_uri did not match any of the client's registered redirect_uris.",
"error": "invalid_redirect_uri",
"error_description": "redirect_uri did not match any of the client's registered redirect_uris",
"iss": "https://my-logto/oidc"
}
Environment
Self-hosted (Docker image)
Screenshots
