|
|
|
|
|
|
by mooreds
142 days ago
|
|
|
> OAuth assumes static, pre-registered redirect URLs. So sounds to me like you are talking about using the authorization code grant in your application and wanting different redirect URLs for each of these environments. Is my assumption correct? If so, the options that I see are: * register those URLs at environment creation time. You mention it isn't obvious how to do so. I'm sure that depends on each IDP. I can tell you how to do it for the company I work for (info in bio) but that won't help you if that is not the IDP you are using. * use wildcarding for redirect URLs. While this is strongly discouraged in production environments, for dev and test environments I don't see a huge issue with it. Again this config is IDP dependent. * don't use OAuth. The redirect you're frustrated with is a key part of OAuth. At least the authorization code grant. So if that's causing you headaches then don't use it. But I don't know another standards based way to authenticate that is as widely supported and as robust as OAuth/OIDC. |
|
|