by ccheney 1859 days ago
For preview URLs how are y'all handling SSO? No SSO provider supports wildcard redirect URIs. Looking for ideas...
2 comments

Auth0 does, thankfully! I set my redirect uri to `https://deploy-preview-*--my-cool-netlify-app-staging.netlif...` just the other day. :)

They have a few rather specific rules about it, but it works for deploy previews anyway: https://auth0.com/docs/applications/wildcards-for-subdomains

Auth0 does, but IIRC it does not support multiple or not-last wildcards. I.e., “app.*.preview.<domain>” does not work.

If your application itself has subdomains, Auth0 doesn’t solve this easily.

I ran into this issue when setting up UI previews for a GitHub OAuth app.

My solution is to have a single callback server that looks in the OAuth state to determine where to redirect. This isn't secure, so when building the UI, I sign the UI's preview URL with a secret and send that in the OAuth state. The callback server checks the signature and redirects that way.

It's hacky and I wouldn't trust it for a production app, but for a test environment it seems okay.

Excellent idea, thanks!
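
The signed-state redirect described in the GitHub OAuth app comment above, sketched as an added example (not the commenter's code): the build step signs the preview URL, and the single callback server verifies the tag before redirecting. The secret, the `.preview.example.test` domain, the function names and the extra host allowlist are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
from urllib.parse import urlsplit

# Assumptions for this sketch: one secret shared by the preview build step and
# the callback server, and previews hosted under a single constructed domain.
SECRET = b"constructed-demo-secret"
PREVIEW_SUFFIX = ".preview.example.test"

def b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_state(preview_url: str, key: bytes = SECRET) -> str:
    """Build step: bind the preview URL to an HMAC-SHA256 tag."""
    payload = preview_url.encode()
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return b64e(payload) + "." + b64e(tag)

def redirect_target(state: str, key: bytes = SECRET):
    """Callback server: return the URL to redirect to, or None to refuse."""
    try:
        payload_b64, tag_b64 = state.split(".")
        payload, tag = b64d(payload_b64), b64d(tag_b64)
    except ValueError:  # wrong shape or bad base64
        return None
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    url = payload.decode()
    parts = urlsplit(url)
    # Defence in depth: even a validly signed URL must be an https preview host.
    if parts.scheme != "https" or not (parts.hostname or "").endswith(PREVIEW_SUFFIX):
        return None
    return url
```

Because the tag is fixed per build, it authenticates only the redirect destination and is not bound to a browser session, so any per-session CSRF value has to be carried and checked separately.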